Download
| Alert*
oval:org.secpod.oval:def:89043767
This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Update Firefox Extended Support Release to 68.3.0 ESR Security issues fixed: - CVE-2019-17008: Use-after-free in worker destruction . - CVE-2019-13722: Stack corruption due to incorrect number of arguments in WebR ... oval:org.secpod.oval:def:66507 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate For more details about the ... oval:org.secpod.oval:def:61512 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:70146 firefox - Mozilla Open Source web browser. Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:503463 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate For more details about the ... oval:org.secpod.oval:def:503467 The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix: * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate For more details about the security issue, including the impact, a CVSS score, acknow ... oval:org.secpod.oval:def:61536 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:60797 nss: Network Security Service library NSS could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:89003120 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code - CVE-2019-11745: ... oval:org.secpod.oval:def:89050864 This update for MozillaFirefox fixes the following issues: Mozilla Firefox was updated to 68.3esr Security issues fixed: - CVE-2019-17008: Fixed a use-after-free in worker destruction - CVE-2019-13722: Fixed a stack corruption due to incorrect number of arguments in WebRTC code - CVE-2019-11745: ... oval:org.secpod.oval:def:2105394 Oracle Solaris 11 - ( CVE-2019-17012 ) oval:org.secpod.oval:def:59828 The host is missing a high severity security update according to Mozilla advisory, MFSA2019-38. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:59800 The host is missing a high severity security update according to Mozilla advisory, MFSA2019-37. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the browser. oval:org.secpod.oval:def:59815 The host is missing a high severity security update according to Mozilla advisory, MFSA2019-36. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the browser. oval:org.secpod.oval:def:2106028 Oracle Solaris 11 - ( CVE-2019-11745 ) oval:org.secpod.oval:def:68073 firefox - Mozilla Open Source web browser. Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:705309 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:705295 nss: Network Security Service library NSS could be made to crash or run programs if it received specially crafted input. oval:org.secpod.oval:def:59816 The host is missing a high severity security update according to Mozilla advisory, MFSA2019-37. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the browser. oval:org.secpod.oval:def:59817 Mozilla Firefox 71, Mozilla Firefox ESR 68.3 and Mozilla Thunderbird 68.3: When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable ... oval:org.secpod.oval:def:69794 Two vulnerabilities were discovered in libnss3-dev, a set of cryptographic libraries, which may result in denial of service and potentially the execution of arbitrary code. oval:org.secpod.oval:def:604630 Two vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service and potentially the execution of arbitrary code. oval:org.secpod.oval:def:705339 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1502745 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:59829 The host is missing a high severity security update according to Mozilla advisory, MFSA2019-38. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the service. oval:org.secpod.oval:def:1502751 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:205400 The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix: * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate For more details about the security issue, including the impact, a CVSS score, acknow ... oval:org.secpod.oval:def:59799 The host is missing a high severity security update according to Mozilla advisory, MFSA2019-36. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to crash the browser. oval:org.secpod.oval:def:59801 Mozilla Firefox 71, Mozilla Firefox ESR 68.3 and Mozilla Thunderbird 68.3: When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable ... oval:org.secpod.oval:def:1700291 Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR lt; 60.8, Firefox lt; 68, and Thunderbird lt; 60.8. A heap-based buffer overflow was found in the NSC_Encry ... oval:org.secpod.oval:def:503466 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with t ... oval:org.secpod.oval:def:1700297 A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application . While the attack complexity is high, the imp ... oval:org.secpod.oval:def:1601120 A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application . While the attack complexity is high, the imp ... oval:org.secpod.oval:def:1701170 Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR less than 60.8, Firefox less than 68, and Thunderbird less than 60.8. A heap-based buffer overflow was foun ... oval:org.secpod.oval:def:89003011 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2019-11745: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate - CVE-2020-12402: Fixed a potential side channel attack during RSA key ... oval:org.secpod.oval:def:89000146 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives . - CVE-2019-11745: EncryptUpdate should use maxout, not block size . - CVE-2019-11727: Fixed vulnera ... oval:org.secpod.oval:def:205415 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with t ... oval:org.secpod.oval:def:205416 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with t ... oval:org.secpod.oval:def:1502750 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1702140 Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR less than 60.8, Firefox less than 68, and Thunderbird less than 60.8. A heap-based buffer overflow was foun ... oval:org.secpod.oval:def:89050835 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to NSS 3.47.1: Security issues fixed: - CVE-2019-17006: Added length checks for cryptographic primitives . - CVE-2019-11745: EncryptUpdate should use maxout, not block size . - CVE-2019-11727: Fixed vulnera ... oval:org.secpod.oval:def:205408 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with t ... oval:org.secpod.oval:def:705443 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:70197 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. |