Tagged: Cybersecurity Alert

Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2031064

Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2032427

Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2038803

Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=1355639

Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=1965430

Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2018513

Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2021727

Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2029511

Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2003171

Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2029070

Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. More information : https://bugzilla.mozilla.org/show_bug.cgi?id=2038439

Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http) only filter outbound Camel-internal headers via setOutFilterStartsWith, while...

Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Cloud Server service to...

HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated remote attackers to achieve root-level code execution....