Red Hat Security Advisory 2019-2237-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. Side channel attack vulnerabilities were addressed.
90de1f53cc7fc5e813be6b57b156663c22702ec3a2ed230220c3066695398340Gentoo Linux Security Advisory 201903-4 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 60.5.1 are affected.
20f08612c8ca6c7100b86c7d867c5217f53e3e3a0d615961b7cc0eca15beac39Ubuntu Security Notice 3850-2 - USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. Various other issues were also addressed.
7498b43104d4fb07034d4fa82fae12b25b42d1e94165a25a6a94e278d49e0473Red Hat Security Advisory 2019-0160-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
0eab7472c7f430ba1c73c0806d5414fccb11a327c2106d82bf61ac2ec3906bbfUbuntu Security Notice 3868-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code.
85233d2f28c9005d6f996d2675c0d1f4b94b69c26083039521f3cc4a116d3f42Red Hat Security Advisory 2019-0159-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 60.4.0. Issues addressed include buffer overflow and use-after-free vulnerabilities.
4b293c377b9c126c1f64c864bad6bb138798a4a720559e51bba799a78c547adcUbuntu Security Notice 3850-1 - Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. Various other issues were also addressed.
33dfd212dff4b39a5b8a3ffb081d43f4f2201ce71c47312b15edcf37961cf627Red Hat Security Advisory 2018-3833-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
abc39ad18277beaa29d946e69e22fe8100ab959716ff83f5434d7dad4b714ef1Red Hat Security Advisory 2018-3831-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 60.4.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.
fa4d0fb6edb9fcaa7acb22fc4880dbda65712b5a54c4433bd1aac71bf6472536Debian Linux Security Advisory 4354-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or bypass of the same-origin policy.
d4abe9fb775b7447462f9534ef3304643476701c50f56da8f4238dcf00de841bUbuntu Security Notice 3844-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code. Multiple security issues were discovered in WebExtensions. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to open privileged pages, or bypass other security restrictions. Various other issues were also addressed.
5381a46fa222c6954f33d32c8b26fe2c3b1a4a79cb6b08419a803edb1c68022eSlackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.
8f68939f6ea6bc41b5d88e5c6f9512f0b524cfbf8bf623647dc7314c29fac479Ubuntu Security Notice 3801-2 - USN-3801-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. Multiple security issues were discovered with WebExtensions in Firefox. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit these to bypass domain restrictions, gain additional privileges, or run content scripts in local pages without permission. Various other issues were also addressed.
19adff75e4651cdc2641de4dfbb8e5a60a5f17ff9dd101eda5aab4bf371e654bUbuntu Security Notice 3801-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass CSP restrictions, spoof the protocol registration notification bar, leak SameSite cookies, bypass mixed content warnings, or execute arbitrary code. Various other issues were also addressed.
070751dac62d0e36aedbaaf6e004869962630cbbfb0a6e6921710868df00e0daDell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having access to the vCloud subnet where ViPR is deployed, could potentially sniff the password and use it to take over the cluster's virtual IP and cause a denial of service on that ViPR Controller system.
a62074461924f195daf7bb54348db2d390f610e5063b3125fb5b2c5962cecb92
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed