Download
| Alert*
oval:org.secpod.oval:def:1701664
firefox-esr , thunderbird and nss only are affected by this package. The Mozilla Foundation Security Advisory describes this flaw as:The `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. ... oval:org.secpod.oval:def:97722 [CLSA-2023:1681327540] nss: Fix of CVE-2023-0767 oval:org.secpod.oval:def:1701203 firefox-esr , thunderbird and nss only are affected by this package. hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O growth via consecutive marks during the process of looking back for base glyphs when attaching marks. The Mozilla Foundation Security Advisory describ ... oval:org.secpod.oval:def:1601695 firefox-esr , thunderbird and nss only are affected by this package oval:org.secpod.oval:def:89356 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:89354 Christian Holler discovered that incorrect handling of PKCS 12 Safe Bag attributes in nss, the Mozilla Network Security Service library, may result in execution of arbitrary code if a specially crafted PKCS 12 certificate bundle is processed. oval:org.secpod.oval:def:89048290 This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR : - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. - CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. - CVE-2023-25743: Fixed Fullscreen notification not ... oval:org.secpod.oval:def:89351 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing. oval:org.secpod.oval:def:507584 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Arbitrary memory write via PKCS 12 For more details about the security issue, including the impact, a CVSS score, acknowledgme ... oval:org.secpod.oval:def:2600175 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. oval:org.secpod.oval:def:507583 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Arbitrary memory write via PKCS 12 Bug Fix: * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output s ... oval:org.secpod.oval:def:5800142 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Arbitrary memory write via PKCS 12 Bug Fix: * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output s ... oval:org.secpod.oval:def:2501027 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. oval:org.secpod.oval:def:87606 Mozilla Firefox 110.0, Mozilla Firefox ESR 102.8, Mozilla Thunderbird 102.8 : An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. oval:org.secpod.oval:def:87969 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:1506429 [102.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Enabled aarch64 build [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 oval:org.secpod.oval:def:3300331 SUSE Security Update: Security update for mozilla-nss oval:org.secpod.oval:def:87604 The host is missing a high severity security update according to the Mozilla advisory MFSA2023-06 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ... oval:org.secpod.oval:def:87605 The host is missing a high severity security update according to the Mozilla advisory MFSA2023-05 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ... oval:org.secpod.oval:def:89048296 This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR : - CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. - CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. - CVE-2023-25743: Fixed Fullscreen notification not ... oval:org.secpod.oval:def:1506428 [102.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 oval:org.secpod.oval:def:707985 firefox: Mozilla Open Source web browser Details: USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5880-1 caused some minor regressions in Firefox. oval:org.secpod.oval:def:89466 firefox: Mozilla Open Source web browser Details: USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-5880-1 caused some minor regressions in Firefox. oval:org.secpod.oval:def:89048282 This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 : - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. oval:org.secpod.oval:def:89465 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. oval:org.secpod.oval:def:206020 Security Fix: nss: Arbitrary memory write via PKCS 12 For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:1506432 [102.8.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 oval:org.secpod.oval:def:1506553 [3.44.0-7.0.3] - Back port nss security update CVE-2023-0767 [Orabug: 35205543] oval:org.secpod.oval:def:1506433 [102.8.0-2.0.1] - Remove upstream references [Orabug: 30143292] - Update distribution for Oracle Linux [Orabug: 30143292] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 oval:org.secpod.oval:def:610414 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing. oval:org.secpod.oval:def:1506430 [102.8.0-2.0.1] - Updated homepages to use https [Orabug: 34648274] - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 oval:org.secpod.oval:def:1506431 [102.8.0-2.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [102.8.0-2] - Update to 102.8.0 build2 [102.8.0-1] - Update to 102.8.0 build1 oval:org.secpod.oval:def:1506475 [3.79.0-11] - Fix CVE-2023-0767 oval:org.secpod.oval:def:610418 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. oval:org.secpod.oval:def:610417 Christian Holler discovered that incorrect handling of PKCS 12 Safe Bag attributes in nss, the Mozilla Network Security Service library, may result in execution of arbitrary code if a specially crafted PKCS 12 certificate bundle is processed. oval:org.secpod.oval:def:89048641 This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR : * CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. * CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. * CVE-2023-25743: Fixed Fullscreen notification not ... oval:org.secpod.oval:def:89048287 This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 : - CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. oval:org.secpod.oval:def:19500043 firefox-esr , thunderbird and nss only are affected by this package oval:org.secpod.oval:def:2600155 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. oval:org.secpod.oval:def:5800004 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Security Fix: * Mozilla: Arbitrary memory write via PKCS 12 in NSS * Mozilla: Content security policy leak in violation reports using iframes * Mozilla: Screen hijack via browser ful ... oval:org.secpod.oval:def:2500944 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. oval:org.secpod.oval:def:89493 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1506480 [3.79.0-5] - fix CVE-2023-0767 oval:org.secpod.oval:def:206012 Security Fix: Mozilla: Arbitrary memory write via PKCS 12 in NSS Mozilla: Content security policy leak in violation reports using iframes Mozilla: Screen hijack via browser fullscreen mode Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey Mozilla: Invalid downcast in SV ... oval:org.secpod.oval:def:2600153 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:206013 Security Fix: Mozilla: Arbitrary memory write via PKCS 12 in NSS Mozilla: Content security policy leak in violation reports using iframes Mozilla: Screen hijack via browser fullscreen mode Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey Mozilla: Invalid downcast in SV ... oval:org.secpod.oval:def:708022 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:4501187 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Security Fix: * Mozilla: Arbitrary memory write via PKCS 12 in NSS * Mozilla: Content security policy leak in violation reports using iframes * Mozilla: Screen hijack via browser ful ... oval:org.secpod.oval:def:4501221 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Arbitrary memory write via PKCS 12 For more details about the security issue, including the impact, a CVSS score, acknowledgme ... oval:org.secpod.oval:def:4501216 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Security Fix: * Mozilla: Arbitrary memory write via PKCS 12 in NSS * Mozilla: Content security policy leak in violation reports using ... oval:org.secpod.oval:def:89048636 This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR : * CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. * CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. * CVE-2023-25743: Fixed Fullscreen notification not ... oval:org.secpod.oval:def:1506485 [3.79.0-17] - fix consistency return errors. We shouldn"t lock the FIPS token if the application asked for invalid DH parameters on on keygen. [3.79.0-16] - Add check for RSA PSS Salt required by FIPS - Update fips_algorithms.sh according to the review. [3.79.0-15] - Fix CVE-2023-0767 oval:org.secpod.oval:def:89402 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:2500938 Mozilla Thunderbird is a standalone mail and newsgroup client. oval:org.secpod.oval:def:87661 The host is missing a high severity security update according to the Mozilla advisory MFSA2023-07 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ... oval:org.secpod.oval:def:5800039 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Security Fix: * Mozilla: Arbitrary memory write via PKCS 12 in NSS * Mozilla: Content security policy leak in violation reports using ... oval:org.secpod.oval:def:87580 Mozilla Firefox 110.0, Mozilla Firefox ESR 102.8 and Mozilla Thunderbird 102.8 : An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. oval:org.secpod.oval:def:507530 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Security Fix: * Mozilla: Arbitrary memory write via PKCS 12 in NSS * Mozilla: Content security policy leak in violation reports using ... oval:org.secpod.oval:def:507573 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Arbitrary memory write via PKCS 12 For more details about the security issue, including the impact, a CVSS score, acknowledgme ... oval:org.secpod.oval:def:507534 Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR. Security Fix: * Mozilla: Arbitrary memory write via PKCS 12 in NSS * Mozilla: Content security policy leak in violation reports using ... oval:org.secpod.oval:def:507531 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Security Fix: * Mozilla: Arbitrary memory write via PKCS 12 in NSS * Mozilla: Content security policy leak in violation reports using iframes * Mozilla: Screen hijack via browser ful ... oval:org.secpod.oval:def:507575 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Arbitrary memory write via PKCS 12 For more details about the security issue, including the impact, a CVSS score, acknowledgme ... oval:org.secpod.oval:def:89048506 This update for MozillaFirefox fixes the following issues: Updated to version 102.8.0 ESR : * CVE-2023-25728: Fixed content security policy leak in violation reports using iframes. * CVE-2023-25730: Fixed screen hijack via browser fullscreen mode. * CVE-2023-25743: Fixed Fullscreen notification not ... oval:org.secpod.oval:def:507535 Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Security Fix: * Mozilla: Arbitrary memory write via PKCS 12 in NSS * Mozilla: Content security policy leak in violation reports using iframes * Mozilla: Screen hijack via browser ful ... oval:org.secpod.oval:def:3300222 SUSE Security Update: Security update for MozillaFirefox oval:org.secpod.oval:def:87578 The host is missing a high severity security update according to the Mozilla advisory MFSA2023-06 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ... oval:org.secpod.oval:def:89048584 This update for mozilla-nss fixes the following issues: Updated to NSS 3.79.4 : * CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types. oval:org.secpod.oval:def:707966 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. oval:org.secpod.oval:def:87579 The host is missing a high severity security update according to the Mozilla advisory MFSA2023-05 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ... oval:org.secpod.oval:def:87656 The host is missing a high severity security update according to the Mozilla advisory MFSA2023-07 and is prone to multiple vulnerabilities. The flaws are present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows an attacker to have unspecified imp ... oval:org.secpod.oval:def:1701232 firefox-esr , thunderbird and nss only are affected by this package oval:org.secpod.oval:def:2107986 Oracle Solaris 11 - ( CVE-2023-23598 ) oval:org.secpod.oval:def:707973 nss: Network Security Service library Several security issues were fixed in NSS. |