ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Alpine Linux: CVE-2023-23598: Vulnerability in Multiple Components Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 06/02/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged, a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-23598 CVE - 2023-23598 https://security.alpinelinux.org/vuln/CVE-2023-23598
  2. Rocky Linux: CVE-2023-28176: thunderbird (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-28176 CVE - 2023-28176 https://errata.rockylinux.org/RLSA-2023:1336 https://errata.rockylinux.org/RLSA-2023:1337 https://errata.rockylinux.org/RLSA-2023:1403 https://errata.rockylinux.org/RLSA-2023:1407
  3. Alpine Linux: CVE-2023-29536: Use After Free Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-29536 CVE - 2023-29536 https://security.alpinelinux.org/vuln/CVE-2023-29536
  4. Rocky Linux: CVE-2023-0767: nss (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 rocky-upgrade-nspr rocky-upgrade-nspr-debuginfo rocky-upgrade-nspr-devel rocky-upgrade-nss rocky-upgrade-nss-debuginfo rocky-upgrade-nss-debugsource rocky-upgrade-nss-devel rocky-upgrade-nss-softokn rocky-upgrade-nss-softokn-debuginfo rocky-upgrade-nss-softokn-devel rocky-upgrade-nss-softokn-freebl rocky-upgrade-nss-softokn-freebl-debuginfo rocky-upgrade-nss-softokn-freebl-devel rocky-upgrade-nss-sysinit rocky-upgrade-nss-sysinit-debuginfo rocky-upgrade-nss-tools rocky-upgrade-nss-tools-debuginfo rocky-upgrade-nss-util rocky-upgrade-nss-util-debuginfo rocky-upgrade-nss-util-devel rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-0767 CVE - 2023-0767 https://errata.rockylinux.org/RLSA-2023:0808 https://errata.rockylinux.org/RLSA-2023:0810 https://errata.rockylinux.org/RLSA-2023:0821 https://errata.rockylinux.org/RLSA-2023:0824 https://errata.rockylinux.org/RLSA-2023:1252 https://errata.rockylinux.org/RLSA-2023:1368
  5. Alpine Linux: CVE-2023-28163: Vulnerability in Multiple Components Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/02/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. This bug only affects Firefox on Windows. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-28163 CVE - 2023-28163 https://security.alpinelinux.org/vuln/CVE-2023-28163
  6. Rocky Linux: CVE-2023-0547: thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10. Solution(s) rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-0547 CVE - 2023-0547 https://errata.rockylinux.org/RLSA-2023:1802 https://errata.rockylinux.org/RLSA-2023:1809
  7. Alpine Linux: CVE-2023-32213: Use of Uninitialized Resource Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-32213 CVE - 2023-32213 https://security.alpinelinux.org/vuln/CVE-2023-32213
  8. VMware Photon OS: CVE-2023-0767 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0767 CVE - 2023-0767
  9. Gentoo Linux: CVE-2023-32213: Mozilla Thunderbird: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 12/22/2023 Added 12/21/2023 Modified 01/28/2025 Description When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-32213 CVE - 2023-32213 202312-03 202401-10
  10. Gentoo Linux: CVE-2023-32215: Mozilla Thunderbird: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 12/22/2023 Added 12/21/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-32215 CVE - 2023-32215 202312-03 202401-10
  11. Gentoo Linux: CVE-2023-32212: Mozilla Thunderbird: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 06/02/2023 Created 12/22/2023 Added 12/21/2023 Modified 01/28/2025 Description An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-32212 CVE - 2023-32212 202312-03 202401-10
  12. Gentoo Linux: CVE-2023-32211: Mozilla Thunderbird: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 06/02/2023 Created 12/22/2023 Added 12/21/2023 Modified 01/28/2025 Description A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2023-32211 CVE - 2023-32211 202312-03 202401-10
  13. Gentoo Linux: CVE-2023-2816: HashiCorp Consul: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 06/02/2023 Created 12/10/2024 Added 12/09/2024 Modified 01/28/2025 Description Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies. Solution(s) gentoo-linux-upgrade-app-admin-consul References https://attackerkb.com/topics/cve-2023-2816 CVE - 2023-2816 202412-14
  14. Gentoo Linux: CVE-2023-33476: MiniDLNA: Multiple Vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 are vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write. Solution(s) gentoo-linux-upgrade-net-misc-minidlna References https://attackerkb.com/topics/cve-2023-33476 CVE - 2023-33476 202311-12
  15. Gentoo Linux: CVE-2023-1297: HashiCorp Consul: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/02/2023 Created 12/10/2024 Added 12/09/2024 Modified 01/30/2025 Description Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with a service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5 and 1.15.3. Solution(s) gentoo-linux-upgrade-app-admin-consul References https://attackerkb.com/topics/cve-2023-1297 CVE - 2023-1297 202412-14
  16. Alpine Linux: CVE-2023-32206: Out-of-bounds Read Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 06/02/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-32206 CVE - 2023-32206 https://security.alpinelinux.org/vuln/CVE-2023-32206
  17. Alpine Linux: CVE-2023-3044: Divide By Zero Severity 2 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:P) Published 06/02/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. Solution(s) alpine-linux-upgrade-xpdf References https://attackerkb.com/topics/cve-2023-3044 CVE - 2023-3044 https://security.alpinelinux.org/vuln/CVE-2023-3044
  18. Alpine Linux: CVE-2023-29548: Vulnerability in Multiple Components Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/02/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-29548 CVE - 2023-29548 https://security.alpinelinux.org/vuln/CVE-2023-29548
  19. Alpine Linux: CVE-2023-32212: Vulnerability in Multiple Components Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 06/02/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-32212 CVE - 2023-32212 https://security.alpinelinux.org/vuln/CVE-2023-32212
  20. Alpine Linux: CVE-2023-0767: Vulnerability in Multiple Components Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-0767 CVE - 2023-0767 https://security.alpinelinux.org/vuln/CVE-2023-0767
  21. Alpine Linux: CVE-2023-23601: Origin Validation Error Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/02/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2023-23601 CVE - 2023-23601 https://security.alpinelinux.org/vuln/CVE-2023-23601
  22. Amazon Linux AMI 2: CVE-2023-32207: Security patch for firefox, thunderbird (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 06/06/2023 Added 06/06/2023 Modified 01/28/2025 Description A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-32207 AL2/ALAS-2023-2051 AL2/ALASFIREFOX-2023-005 CVE - 2023-32207
  23. Rocky Linux: CVE-2023-0430: thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1. Solution(s) rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-0430 CVE - 2023-0430 https://errata.rockylinux.org/RLSA-2023:0606 https://errata.rockylinux.org/RLSA-2023:0608
  24. Gentoo Linux: CVE-2023-3044: Xpdf: Multiple Vulnerabilities Severity 2 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:P) Published 06/02/2023 Created 09/27/2024 Added 09/26/2024 Modified 01/30/2025 Description An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. Solution(s) gentoo-linux-upgrade-app-text-xpdf References https://attackerkb.com/topics/cve-2023-3044 CVE - 2023-3044 202409-25
  25. Amazon Linux AMI 2: CVE-2023-32213: Security patch for firefox, thunderbird (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 06/06/2023 Added 06/06/2023 Modified 01/28/2025 Description When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-32213 AL2/ALAS-2023-2051 AL2/ALASFIREFOX-2023-005 CVE - 2023-32213