Red Hat Security Advisory 2019-4190-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with the Network Security Services libraries. An out-of-bounds write vulnerability was addressed.
c6309421d9f435509de27d878786d1b1be6de862683ea853d6042b272f929b5fGentoo Linux Security Advisory 201908-20 - Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 60.8.0 are affected.
82247292a5a89d4970f5b857f57386823ecdf480b9bfb07d6b1153f2b435c3faGentoo Linux Security Advisory 201908-12 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 60.8.0 are affected.
9c1b71d78a94d040a45e2a38d652fada76b7a84a057a50826157ff452c810ac7Red Hat Security Advisory 2019-1951-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. Issues addressed include denial of service and null pointer vulnerabilities.
1f4cc541395526b348ed675175c7d4fe1837f49f0417715b1f2fe5954ffc4a51Ubuntu Security Notice 4054-2 - USN-4054-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. It was discovered that Firefox treats all files in a directory as same origin. If a user were tricked in to downloading a specially crafted HTML file, an attacker could potentially exploit this to obtain sensitive information from local files. Various other issues were also addressed.
9573711ae77b9f804c17bb7d87e64c1ac94e7240fc30836a442eedef386d1b66Ubuntu Security Notice 4064-1 - A sandbox escape was discovered in Thunderbird. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same origin restrictions, conduct cross-site scripting attacks, spoof origin attributes, or execute arbitrary code. Various other issues were also addressed.
d8bb2d36469cca9788e2761790b4d38cd8c92d475841dd30ce09db715d30ac1eUbuntu Security Notice 4060-2 - USN-4060-1 fixed several vulnerabilities in nss. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.
dc404bec2be92aec8572c8e14075ea9973a755e99561a52a901d64fd45019358Ubuntu Security Notice 4060-1 - Henry Corrigan-Gibbs discovered that NSS incorrectly handled importing certain curve25519 private keys. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly obtain sensitive information. Hubert Kario discovered that NSS incorrectly handled PKCS#1 v1.5 signatures when using TLSv1.3. An attacker could possibly use this issue to trick NSS into using PKCS#1 v1.5 signatures, contrary to expectations. This issue only applied to Ubuntu 19.04. Various other issues were also addressed.
4833762dc1164d15b60629a20a5c4a0bde649c21804aa2733f5e4705fa96aa17Ubuntu Security Notice 4054-1 - A sandbox escape was discovered in Firefox. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass same origin restrictions, conduct cross-site scripting attacks, conduct cross-site request forgery attacks, spoof origin attributes, spoof the addressbar contents, bypass safebrowsing protections, or execute arbitrary code. Various other issues were also addressed.
efed5f9ddc3684e7f863dc8438c5a72e1a0114838f1748ce7426e214fd501234Debian Linux Security Advisory 4479-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.
4787823e0c09d05400e7a707e0726a8e7e912bf644dadb7904a67a608c966456Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
4212bb26bd9ce93bc78d4a496fe33e72e013d31ce77b01561cd63c75f082fb92
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed