
ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Oracle Linux: CVE-2023-38599: ELSA-2023-6535:webkit2gtk3 security and bug fix update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 08/02/2023 Created 11/24/2023 Added 11/22/2023 Modified 01/07/2025 Description A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information. A flaw was found in WebKitGTK, which exists due to a logic issue in WebKit related to a user's privacy. A remote attacker may be able to track sensitive user information. Solution(s) oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-38599 CVE - 2023-38599 ELSA-2023-6535 ELSA-2023-7055
  2. Oracle Linux: CVE-2023-3978: ELSA-2023-6938:container-tools:4.0 security and bug fix update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 08/02/2023 Created 11/18/2023 Added 11/16/2023 Modified 01/07/2025 Description Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim's cookie-based authentication credentials. Solution(s) oracle-linux-upgrade-aardvark-dns oracle-linux-upgrade-buildah oracle-linux-upgrade-buildah-tests oracle-linux-upgrade-cockpit-podman oracle-linux-upgrade-conmon oracle-linux-upgrade-containernetworking-plugins oracle-linux-upgrade-containers-common oracle-linux-upgrade-container-selinux oracle-linux-upgrade-crit oracle-linux-upgrade-criu oracle-linux-upgrade-criu-devel oracle-linux-upgrade-criu-libs oracle-linux-upgrade-crun oracle-linux-upgrade-fuse-overlayfs oracle-linux-upgrade-libslirp oracle-linux-upgrade-libslirp-devel oracle-linux-upgrade-netavark oracle-linux-upgrade-oci-seccomp-bpf-hook oracle-linux-upgrade-podman oracle-linux-upgrade-podman-catatonit oracle-linux-upgrade-podman-docker oracle-linux-upgrade-podman-gvproxy oracle-linux-upgrade-podman-plugins oracle-linux-upgrade-podman-remote oracle-linux-upgrade-podman-tests oracle-linux-upgrade-python3-criu oracle-linux-upgrade-python3-podman oracle-linux-upgrade-runc oracle-linux-upgrade-skopeo oracle-linux-upgrade-skopeo-tests oracle-linux-upgrade-slirp4netns oracle-linux-upgrade-udica References https://attackerkb.com/topics/cve-2023-3978 CVE - 2023-3978 ELSA-2023-6938 ELSA-2023-6474 ELSA-2023-6939
  3. Debian: CVE-2023-38288: tiff -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/02/2023 Created 08/02/2023 Added 08/02/2023 Modified 11/08/2023 Description Rejected reason: Not a Security Issue. Solution(s) debian-upgrade-tiff References https://attackerkb.com/topics/cve-2023-38288 CVE - 2023-38288 DLA-3513-1
  4. Oracle Linux: CVE-2023-38592: ELSA-2023-6535:webkit2gtk3 security and bug fix update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/02/2023 Created 11/24/2023 Added 11/22/2023 Modified 01/07/2025 Description A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution. A flaw was found in WebKitGTK. This issue occurs when processing malicious web content, which may lead to arbitrary code execution. Solution(s) oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-38592 CVE - 2023-38592 ELSA-2023-6535 ELSA-2023-7055
  5. OS X update for Kernel (CVE-2023-28199) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 08/02/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. An app may be able to disclose kernel memory. Solution(s) apple-osx-upgrade-11_7_5 apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-28199 CVE - 2023-28199 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213675 https://support.apple.com/kb/HT213677
  6. Huawei EulerOS: CVE-2023-4016: procps-ng security update Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 08/02/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Solution(s) huawei-euleros-2_0_sp8-upgrade-procps-ng huawei-euleros-2_0_sp8-upgrade-procps-ng-i18n References https://attackerkb.com/topics/cve-2023-4016 CVE - 2023-4016 EulerOS-SA-2023-3147
  7. Alma Linux: CVE-2023-29409: Moderate: container-tools:4.0 security update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 08/02/2023 Created 10/18/2023 Added 10/18/2023 Modified 01/28/2025 Description Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Solution(s) alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-fuse-overlayfs alma-upgrade-go-toolset alma-upgrade-golang alma-upgrade-golang-bin alma-upgrade-golang-docs alma-upgrade-golang-misc alma-upgrade-golang-race alma-upgrade-golang-src alma-upgrade-golang-tests alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica References https://attackerkb.com/topics/cve-2023-29409 CVE - 2023-29409 https://errata.almalinux.org/8/ALSA-2024-0121.html https://errata.almalinux.org/9/ALSA-2023-5738.html https://errata.almalinux.org/9/ALSA-2023-7762.html https://errata.almalinux.org/9/ALSA-2023-7763.html https://errata.almalinux.org/9/ALSA-2023-7764.html https://errata.almalinux.org/9/ALSA-2023-7765.html https://errata.almalinux.org/9/ALSA-2023-7766.html
  8. Gentoo Linux: CVE-2023-4054: Mozilla Thunderbird: Multiple Vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 08/01/2023 Created 02/22/2024 Added 02/21/2024 Modified 01/28/2025 Description When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin References https://attackerkb.com/topics/cve-2023-4054 CVE - 2023-4054 202402-25
  9. Gentoo Linux: CVE-2023-3736: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 08/01/2023 Created 02/02/2024 Added 02/01/2024 Modified 01/28/2025 Description Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-3736 CVE - 2023-3736 202401-34
  10. Artifex Ghostscript: (CVE-2023-38560) An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/01/2023 Created 07/10/2024 Added 07/08/2024 Modified 01/28/2025 Description An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. Solution(s) ghostscript-upgrade-10_02_0 References https://attackerkb.com/topics/cve-2023-38560 CVE - 2023-38560
  11. MFSA2023-33 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.1 (CVE-2023-4055) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/01/2023 Created 08/03/2023 Added 08/03/2023 Modified 02/14/2025 Description When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) mozilla-thunderbird-upgrade-115_1 References https://attackerkb.com/topics/cve-2023-4055 CVE - 2023-4055 http://www.mozilla.org/security/announce/2023/mfsa2023-33.html
  12. MFSA2023-38 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.2 (CVE-2023-4053) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 08/01/2023 Created 09/05/2023 Added 09/05/2023 Modified 01/28/2025 Description A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) mozilla-thunderbird-upgrade-115_2 References https://attackerkb.com/topics/cve-2023-4053 CVE - 2023-4053 http://www.mozilla.org/security/announce/2023/mfsa2023-38.html
  13. Red Hat: CVE-2023-4055: Cookie jar overflow caused unexpected cookie jar state (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/01/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/28/2025 Description When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-4055 RHSA-2023:4461 RHSA-2023:4462 RHSA-2023:4463 RHSA-2023:4465 RHSA-2023:4468 RHSA-2023:4493 RHSA-2023:4494 RHSA-2023:4495 RHSA-2023:4497 RHSA-2023:4499
  14. Red Hat: CVE-2023-38559: ghostscript: Out-of-bound read in base/gdevdevn.c:1973 in devn_pcx_write_rle could result in DoS (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/01/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. Solution(s) redhat-upgrade-ghostscript redhat-upgrade-ghostscript-debuginfo redhat-upgrade-ghostscript-debugsource redhat-upgrade-ghostscript-doc redhat-upgrade-ghostscript-gtk-debuginfo redhat-upgrade-ghostscript-tools-dvipdf redhat-upgrade-ghostscript-tools-fonts redhat-upgrade-ghostscript-tools-printing redhat-upgrade-ghostscript-x11 redhat-upgrade-ghostscript-x11-debuginfo redhat-upgrade-libgs redhat-upgrade-libgs-debuginfo redhat-upgrade-libgs-devel References CVE-2023-38559 RHSA-2023:6544 RHSA-2023:7053
  15. Red Hat: CVE-2023-4049: Fix potential race conditions when releasing platform objects (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/01/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/28/2025 Description Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-4049 RHSA-2023:4461 RHSA-2023:4462 RHSA-2023:4463 RHSA-2023:4465 RHSA-2023:4468 RHSA-2023:4493 RHSA-2023:4494 RHSA-2023:4495 RHSA-2023:4497 RHSA-2023:4499
  16. Red Hat: CVE-2023-4050: Stack buffer overflow in StorageManager (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/01/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/28/2025 Description In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-4050 RHSA-2023:4461 RHSA-2023:4462 RHSA-2023:4463 RHSA-2023:4465 RHSA-2023:4468 RHSA-2023:4493 RHSA-2023:4494 RHSA-2023:4495 RHSA-2023:4497 RHSA-2023:4499
  17. Red Hat: CVE-2023-4057: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1 (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/01/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-4057 RHSA-2023:4461 RHSA-2023:4462 RHSA-2023:4463 RHSA-2023:4465 RHSA-2023:4468 RHSA-2023:4493 RHSA-2023:4494 RHSA-2023:4495 RHSA-2023:4497 RHSA-2023:4499
  18. Red Hat: CVE-2023-4051: Full screen notification obscured by file open dialog (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/01/2023 Created 09/05/2023 Added 09/05/2023 Modified 01/28/2025 Description A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-4051 RHSA-2023:4945 RHSA-2023:4947 RHSA-2023:4950 RHSA-2023:4952 RHSA-2023:4954 RHSA-2023:4955 RHSA-2023:4958 RHSA-2023:4959 RHSA-2023:5019
  19. MFSA2023-30 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.14 (CVE-2023-4047) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/01/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) mozilla-firefox-esr-upgrade-102_14 References https://attackerkb.com/topics/cve-2023-4047 CVE - 2023-4047 http://www.mozilla.org/security/announce/2023/mfsa2023-30.html
  20. MFSA2023-29 Firefox: Security Vulnerabilities fixed in Firefox 116 (CVE-2023-4048) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/01/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) mozilla-firefox-upgrade-116_0 References https://attackerkb.com/topics/cve-2023-4048 CVE - 2023-4048 http://www.mozilla.org/security/announce/2023/mfsa2023-29.html
  21. MFSA2023-29 Firefox: Security Vulnerabilities fixed in Firefox 116 (CVE-2023-4055) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/01/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) mozilla-firefox-upgrade-116_0 References https://attackerkb.com/topics/cve-2023-4055 CVE - 2023-4055 http://www.mozilla.org/security/announce/2023/mfsa2023-29.html
  22. MFSA2023-31 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.1 (CVE-2023-4055) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/01/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) mozilla-firefox-esr-upgrade-115_1 References https://attackerkb.com/topics/cve-2023-4055 CVE - 2023-4055 http://www.mozilla.org/security/announce/2023/mfsa2023-31.html
  23. Oracle Linux: CVE-2023-4049: ELSA-2023-4462:firefox security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 08/01/2023 Created 08/09/2023 Added 08/04/2023 Modified 12/06/2024 Description Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. The Mozilla Foundation Security Advisory describes this flaw as: Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-4049 CVE - 2023-4049 ELSA-2023-4462 ELSA-2023-4499 ELSA-2023-4497 ELSA-2023-4495 ELSA-2023-4468 ELSA-2023-4461
  24. Oracle Linux: CVE-2023-4047: ELSA-2023-4462:firefox security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/01/2023 Created 08/09/2023 Added 08/04/2023 Modified 12/06/2024 Description A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. The Mozilla Foundation Security Advisory describes this flaw as: A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-4047 CVE - 2023-4047 ELSA-2023-4462 ELSA-2023-4499 ELSA-2023-4497 ELSA-2023-4495 ELSA-2023-4468 ELSA-2023-4461
  25. Oracle Linux: CVE-2023-4045: ELSA-2023-4462:firefox security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 08/01/2023 Created 08/09/2023 Added 08/04/2023 Modified 12/06/2024 Description Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-4045 CVE - 2023-4045 ELSA-2023-4462 ELSA-2023-4499 ELSA-2023-4497 ELSA-2023-4495 ELSA-2023-4468 ELSA-2023-4461