ISHACK AI BOT

Red Hat: CVE-2023-37202: Potential use-after-free from compartment mismatch in SpiderMonkey (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 07/14/2023 Added 07/14/2023 Modified 01/28/2025 Description Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-37202 RHSA-2023:4062 RHSA-2023:4063 RHSA-2023:4064 RHSA-2023:4066 RHSA-2023:4067 RHSA-2023:4069 RHSA-2023:4071 RHSA-2023:4073 RHSA-2023:4076 RHSA-2023:4079 View more

Red Hat: CVE-2023-31248: use-after-free in nft_chain_lookup_byid() (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/05/2023 Created 09/13/2023 Added 09/13/2023 Modified 01/28/2025 Description Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-31248 RHSA-2023:5069 RHSA-2023:5091 RHSA-2023:5093 RHSA-2023:5575 RHSA-2023:5603 RHSA-2023:5604 View more

Red Hat: CVE-2023-35001: stack-out-of-bounds-read in nft_byteorder_eval() (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/05/2023 Created 09/13/2023 Added 09/13/2023 Modified 01/28/2025 Description Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-35001 RHSA-2023:5069 RHSA-2023:5091 RHSA-2023:5093 RHSA-2023:5221 RHSA-2023:5244 RHSA-2023:5255 RHSA-2023:5548 RHSA-2023:5574 RHSA-2023:5575 RHSA-2023:5603 RHSA-2023:5604 RHSA-2023:5621 RHSA-2023:5622 RHSA-2023:5627 View more

Gentoo Linux: CVE-2023-37205: Mozilla Firefox: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/05/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-37205 CVE - 2023-37205 202401-10

SUSE: CVE-2023-37212: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2023-37212 CVE - 2023-37212

SUSE: CVE-2023-37210: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/05/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description A website could prevent a user from exiting full-screen mode via alert and prompt calls.This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2023-37210 CVE - 2023-37210

SUSE: CVE-2023-37209: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained.This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2023-37209 CVE - 2023-37209

Amazon Linux AMI 2: CVE-2023-37206: Security patch for firefox (ALASFIREFOX-2023-017) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 07/05/2023 Created 11/18/2023 Added 11/17/2023 Modified 01/28/2025 Description Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox < 115. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo References https://attackerkb.com/topics/cve-2023-37206 AL2/ALASFIREFOX-2023-017 CVE - 2023-37206

SUSE: CVE-2023-37207: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/05/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-sle suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other References https://attackerkb.com/topics/cve-2023-37207 CVE - 2023-37207

Amazon Linux AMI 2: CVE-2023-37208: Security patch for firefox, thunderbird (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-37208 AL2/ALAS-2023-2156 AL2/ALASFIREFOX-2023-001 CVE - 2023-37208

Alpine Linux: CVE-2023-37212: Out-of-bounds Write Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-37212 CVE - 2023-37212 https://security.alpinelinux.org/vuln/CVE-2023-37212

Gentoo Linux: CVE-2023-37208: Mozilla Thunderbird: Multiple Vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 02/22/2024 Added 02/21/2024 Modified 01/28/2025 Description When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin References https://attackerkb.com/topics/cve-2023-37208 CVE - 2023-37208 202402-25

Gentoo Linux: CVE-2023-37210: Mozilla Firefox: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/05/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description A website could prevent a user from exiting full-screen mode via alert and prompt calls.This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-37210 CVE - 2023-37210 202401-10

Gentoo Linux: CVE-2023-37204: Mozilla Firefox: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/05/2023 Created 01/09/2024 Added 01/08/2024 Modified 01/28/2025 Description A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-37204 CVE - 2023-37204 202401-10

Ubuntu: USN-6226-1 (CVE-2023-25399): SciPy vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 07/05/2023 Created 07/14/2023 Added 07/14/2023 Modified 01/28/2025 Description A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly. Solution(s) ubuntu-pro-upgrade-python3-scipy References https://attackerkb.com/topics/cve-2023-25399 CVE - 2023-25399 USN-6226-1

Ubuntu: USN-6201-1 (CVE-2023-37212): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 07/06/2023 Added 07/06/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-37212 CVE - 2023-37212 USN-6201-1

Ubuntu: USN-6201-1 (CVE-2023-37205): Firefox vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/05/2023 Created 07/06/2023 Added 07/06/2023 Modified 01/28/2025 Description The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-37205 CVE - 2023-37205 USN-6201-1

Ubuntu: (Multiple Advisories) (CVE-2023-37208): Firefox vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 07/06/2023 Added 07/06/2023 Modified 01/28/2025 Description When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-37208 CVE - 2023-37208 USN-6201-1 USN-6214-1

Ubuntu: USN-6201-1 (CVE-2023-37210): Firefox vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/05/2023 Created 07/06/2023 Added 07/06/2023 Modified 01/28/2025 Description A website could prevent a user from exiting full-screen mode via alert and prompt calls.This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2023-37210 CVE - 2023-37210 USN-6201-1

Rocky Linux: CVE-2023-37202: firefox (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-37202 CVE - 2023-37202 https://errata.rockylinux.org/RLSA-2023:4063 https://errata.rockylinux.org/RLSA-2023:4071 https://errata.rockylinux.org/RLSA-2023:4076

Rocky Linux: CVE-2023-37201: firefox (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-37201 CVE - 2023-37201 https://errata.rockylinux.org/RLSA-2023:4063 https://errata.rockylinux.org/RLSA-2023:4071 https://errata.rockylinux.org/RLSA-2023:4076

Rocky Linux: CVE-2023-37207: firefox (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/05/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-37207 CVE - 2023-37207 https://errata.rockylinux.org/RLSA-2023:4063 https://errata.rockylinux.org/RLSA-2023:4071 https://errata.rockylinux.org/RLSA-2023:4076

Amazon Linux AMI 2: CVE-2023-37205: Security patch for firefox (ALASFIREFOX-2023-017) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/05/2023 Created 11/18/2023 Added 11/17/2023 Modified 01/28/2025 Description The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox < 115. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo References https://attackerkb.com/topics/cve-2023-37205 AL2/ALASFIREFOX-2023-017 CVE - 2023-37205

CentOS Linux: CVE-2023-35001: Important: kpatch-patch security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/05/2023 Created 09/13/2023 Added 09/13/2023 Modified 01/28/2025 Description Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt centos-upgrade-kpatch-patch-3_10_0-1160_88_1 centos-upgrade-kpatch-patch-3_10_0-1160_88_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_90_1 centos-upgrade-kpatch-patch-3_10_0-1160_90_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_92_1 centos-upgrade-kpatch-patch-3_10_0-1160_92_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_95_1 centos-upgrade-kpatch-patch-3_10_0-1160_95_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_99_1 centos-upgrade-kpatch-patch-3_10_0-1160_99_1-debuginfo References CVE-2023-35001

Debian: CVE-2023-37201: firefox-esr, thunderbird -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/05/2023 Created 07/10/2023 Added 07/10/2023 Modified 01/28/2025 Description An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-37201 CVE - 2023-37201 DLA-3484-1 DSA-5450-1