what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 23 of 23 RSS Feed

CVE-2023-25728

Status Candidate

Overview

The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Related Files

Gentoo Linux Security Advisory 202305-35
Posted May 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-35 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0:esr are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-0767, CVE-2023-1945, CVE-2023-1999, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25731, CVE-2023-25732, CVE-2023-25734, CVE-2023-25735, CVE-2023-25737, CVE-2023-25738, CVE-2023-25739, CVE-2023-25742
SHA-256 | 80fb46eeb6bf6b4a190797c274bb247b815138162b8deea3f7a113e5d441ebc6
Gentoo Linux Security Advisory 202305-36
Posted May 30, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-36 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. Versions greater than or equal to 102.10.0 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2023-0616, CVE-2023-0767, CVE-2023-1945, CVE-2023-1999, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25734, CVE-2023-25735, CVE-2023-25737, CVE-2023-25738, CVE-2023-25739, CVE-2023-25740
SHA-256 | cf32af8db7f48a44b2fe2d1424fd1ad7ec5f57e5c79d44dd0561f7d2a05b5ea4
Ubuntu Security Notice USN-5943-1
Posted Mar 13, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5943-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Johan Carlsson discovered that Thunderbird did not properly implement CSP policy on a header when using iframes. An attacker could potentially exploits this to exfiltrate data.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-0616, CVE-2023-0767, CVE-2023-25728, CVE-2023-25730, CVE-2023-25732, CVE-2023-25737, CVE-2023-25739, CVE-2023-25746
SHA-256 | 859da6042faf89a056033a58de2955c904821993b08e8e20d961d88955336897
Ubuntu Security Notice USN-5880-2
Posted Mar 1, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5880-2 - USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. Johan Carlsson discovered that Firefox did not properly manage child iframe's unredacted URI when using Content-Security-Policy-Report-Only header. An attacker could potentially exploits this to obtain sensitive information. Vitor Torres discovered that Firefox did not properly manage permissions of extensions interaction via ExpandedPrincipals. An attacker could potentially exploits this issue to download malicious files or execute arbitrary code. Irvan Kurniawan discovered that Firefox did not properly validate background script invoking requestFullscreen. An attacker could potentially exploit this issue to perform spoofing attacks. Ronald Crane discovered that Firefox did not properly manage memory when using EncodeInputStream in xpcom. An attacker could potentially exploits this issue to cause a denial of service. Samuel Grob discovered that Firefox did not properly manage memory when using wrappers wrapping a scripted proxy. An attacker could potentially exploits this issue to cause a denial of service. Holger Fuhrmannek discovered that Firefox did not properly manage memory when using Module load requests. An attacker could potentially exploits this issue to cause a denial of service. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.

tags | advisory, denial of service, arbitrary, spoof, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25733, CVE-2023-25735, CVE-2023-25739, CVE-2023-25742
SHA-256 | d8134e53c73b5f2b98a54caf846a945da5e3e78dac7bf2d66525cf6b12579a76
Red Hat Security Advisory 2023-0817-01
Posted Feb 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0817-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0616, CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | cda5a0e898c2cc9329016bce84a9c69b6095640d6a47a991963243ac8764f09f
Red Hat Security Advisory 2023-0824-01
Posted Feb 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0824-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0616, CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | 128fd17e7a1529f917f1f2f8fa799ece3b9eec168d9a044d2225b9ed2024fda0
Red Hat Security Advisory 2023-0821-01
Posted Feb 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0821-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0616, CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | 66c6731449ad4c352fc545a1c7dbd789b379d9b8a367742c08c2225a583334ab
Red Hat Security Advisory 2023-0823-01
Posted Feb 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0823-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0616, CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | 1822156219e27d6bb4fea9be270b6ce31829db67b8136200de39281d4fd60671
Red Hat Security Advisory 2023-0819-01
Posted Feb 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0819-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0616, CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | be5fbae736f0dc6eee35648fe697648dc2f2f52704a38bc5531f49d095aaff51
Red Hat Security Advisory 2023-0818-01
Posted Feb 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0818-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0616, CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | 326e6c6f913107e1122468430ca5a98c53f5e9719fcc3047ac67d3ee1b8cc497
Red Hat Security Advisory 2023-0822-01
Posted Feb 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0822-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0616, CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | 59649692c8e63f18d84dd3340d85600d564d8d508cf8caaec994cd2e9d51eca7
Red Hat Security Advisory 2023-0820-01
Posted Feb 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0820-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0616, CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | 537024c4cab810d90fc030cf6a31d8aeaba39da5053307430086476c543be13f
Debian Security Advisory 5355-1
Posted Feb 20, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5355-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2022-46871, CVE-2022-46877, CVE-2023-0430, CVE-2023-0616, CVE-2023-0767, CVE-2023-23598, CVE-2023-23601, CVE-2023-23602, CVE-2023-23603, CVE-2023-23605, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732
SHA-256 | 0f4b7e99ba15bbfd85f7386e545fc53f7d8d15979fc3bb26c7f05c85596889da
Ubuntu Security Notice USN-5880-1
Posted Feb 20, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5880-1 - Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attributes. An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes. Johan Carlsson discovered that Firefox did not properly manage child iframe's unredacted URI when using Content-Security-Policy-Report-Only header. An attacker could potentially exploits this to obtain sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25731, CVE-2023-25732, CVE-2023-25733, CVE-2023-25735, CVE-2023-25736, CVE-2023-25739, CVE-2023-25742, CVE-2023-25744
SHA-256 | 52a03d98745dab7fc6ca08096031142868f3b4b4ad08bdeed6e8c320a08a74d8
Red Hat Security Advisory 2023-0809-01
Posted Feb 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0809-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | 64d760b0f84fd884f5a9580099f973acc202f7650607526caf85e5b0ae907220
Red Hat Security Advisory 2023-0805-01
Posted Feb 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0805-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | cfa40fc256c77d593c5a6e960f9f6b2c2fb43426fb7e9cbdd6b7ab80e95c6bdb
Red Hat Security Advisory 2023-0808-01
Posted Feb 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0808-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | 88c7f4685c90b5318576d6349b3dd56ba1e45ab3a8d6c95cd1385cf47623d58e
Red Hat Security Advisory 2023-0810-01
Posted Feb 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0810-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | 354e9d9061ece6bd38e95b02c6d61d18d689e1465de7a220b51ab3d7907f8082
Red Hat Security Advisory 2023-0811-01
Posted Feb 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0811-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | 348dc1d326351bfa69305ff0d4787a66503f853f4ccd0deb8677243fdfad3d29
Red Hat Security Advisory 2023-0807-01
Posted Feb 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0807-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | 0911573444772b9f436a584525bbaf1bd4031b7625d24312a05ebb46f26f7172
Red Hat Security Advisory 2023-0812-01
Posted Feb 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0812-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | 9d1404f089b3e095d818b7ae21e1522909439edf033484cd2022cc88ec372578
Red Hat Security Advisory 2023-0806-01
Posted Feb 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-0806-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Issues addressed include a use-after-free vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25743, CVE-2023-25744, CVE-2023-25746
SHA-256 | 79bdeec98aaa0f2a23eb6fd1b2536af0429592d9f65c04ff0a63e8df4d0e5c96
Debian Security Advisory 5350-1
Posted Feb 16, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5350-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

tags | advisory, web, arbitrary, spoof, info disclosure
systems | linux, debian
advisories | CVE-2023-0767, CVE-2023-25728, CVE-2023-25729, CVE-2023-25730, CVE-2023-25732, CVE-2023-25735, CVE-2023-25737, CVE-2023-25739, CVE-2023-25742, CVE-2023-25744, CVE-2023-25746
SHA-256 | c3d354e3e29299851841adde233b8f00835b92a77d8a6d93936ca8c508194f28
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close