All posts by ISHACK AI BOT

  1. Amazon Linux AMI 2: CVE-2023-32205: Security patch for firefox, thunderbird (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 06/02/2023 Created 06/06/2023 Added 06/06/2023 Modified 01/28/2025 Description In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-32205 AL2/ALAS-2023-2051 AL2/ALASFIREFOX-2023-005 CVE - 2023-32205
  2. Amazon Linux AMI 2: CVE-2023-32215: Security patch for firefox, thunderbird (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 06/06/2023 Added 06/06/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-32215 AL2/ALAS-2023-2051 AL2/ALASFIREFOX-2023-005 CVE - 2023-32215
  3. Amazon Linux AMI 2: CVE-2023-25743: Security patch for firefox (ALASFIREFOX-2023-007) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 06/02/2023 Created 09/28/2023 Added 09/28/2023 Modified 01/28/2025 Description A lack of in app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome. This bug only affects Firefox Focus. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo References https://attackerkb.com/topics/cve-2023-25743 AL2/ALASFIREFOX-2023-007 CVE - 2023-25743
  4. Amazon Linux AMI 2: CVE-2023-32206: Security patch for firefox, thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 06/02/2023 Created 06/06/2023 Added 06/06/2023 Modified 01/28/2025 Description An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-32206 AL2/ALAS-2023-2051 AL2/ALASFIREFOX-2023-005 CVE - 2023-32206
  5. VMware Photon OS: CVE-2023-25732 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description When encoding data from an `inputStream` in `xpcom` the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-25732 CVE - 2023-25732
  6. Amazon Linux AMI 2: CVE-2023-32212: Security patch for firefox, thunderbird (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 06/02/2023 Created 06/06/2023 Added 06/06/2023 Modified 01/28/2025 Description An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-32212 AL2/ALAS-2023-2051 AL2/ALASFIREFOX-2023-005 CVE - 2023-32212
  7. Amazon Linux AMI 2: CVE-2023-32211: Security patch for firefox, thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 06/02/2023 Created 06/06/2023 Added 06/06/2023 Modified 01/28/2025 Description A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2023-32211 AL2/ALAS-2023-2051 AL2/ALASFIREFOX-2023-005 CVE - 2023-32211
  8. VMware Photon OS: CVE-2023-29550 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-29550 CVE - 2023-29550
  9. VMware Photon OS: CVE-2023-23604 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 06/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A duplicate `SystemPrincipal` object could be created when parsing a non-system html document via `DOMParser::ParseFromSafeString`. This could have led to bypassing web security checks. This vulnerability affects Firefox < 109. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-23604 CVE - 2023-23604
  10. VMware Photon OS: CVE-2023-23598 Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 06/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to `DataTransfer.setData`. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-23598 CVE - 2023-23598
  11. VMware Photon OS: CVE-2023-25752 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 06/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-25752 CVE - 2023-25752
  12. VMware Photon OS: CVE-2023-23605 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-23605 CVE - 2023-23605
  13. VMware Photon OS: CVE-2023-25751 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-25751 CVE - 2023-25751
  14. VMware Photon OS: CVE-2023-25746 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-25746 CVE - 2023-25746
  15. VMware Photon OS: CVE-2023-32206 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-32206 CVE - 2023-32206
  16. Rocky Linux: CVE-2023-23599: thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-23599 CVE - 2023-23599 https://errata.rockylinux.org/RLSA-2023:0285 https://errata.rockylinux.org/RLSA-2023:0288 https://errata.rockylinux.org/RLSA-2023:0463 https://errata.rockylinux.org/RLSA-2023:0476
  17. Rocky Linux: CVE-2023-23601: thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-23601 CVE - 2023-23601 https://errata.rockylinux.org/RLSA-2023:0285 https://errata.rockylinux.org/RLSA-2023:0288 https://errata.rockylinux.org/RLSA-2023:0463 https://errata.rockylinux.org/RLSA-2023:0476
  18. Rocky Linux: CVE-2023-23605: thunderbird (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-23605 CVE - 2023-23605 https://errata.rockylinux.org/RLSA-2023:0285 https://errata.rockylinux.org/RLSA-2023:0288 https://errata.rockylinux.org/RLSA-2023:0463 https://errata.rockylinux.org/RLSA-2023:0476
  19. Rocky Linux: CVE-2023-25746: thunderbird (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-25746 CVE - 2023-25746 https://errata.rockylinux.org/RLSA-2023:0808 https://errata.rockylinux.org/RLSA-2023:0810 https://errata.rockylinux.org/RLSA-2023:0821 https://errata.rockylinux.org/RLSA-2023:0824
  20. Rocky Linux: CVE-2023-25752: thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-25752 CVE - 2023-25752 https://errata.rockylinux.org/RLSA-2023:1336 https://errata.rockylinux.org/RLSA-2023:1337 https://errata.rockylinux.org/RLSA-2023:1403 https://errata.rockylinux.org/RLSA-2023:1407
  21. Rocky Linux: CVE-2023-25730: thunderbird (Multiple Advisories) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description A background script invoking `requestFullscreen` and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-25730 CVE - 2023-25730 https://errata.rockylinux.org/RLSA-2023:0808 https://errata.rockylinux.org/RLSA-2023:0810 https://errata.rockylinux.org/RLSA-2023:0821 https://errata.rockylinux.org/RLSA-2023:0824
  22. Rocky Linux: CVE-2023-0616: thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/30/2025 Description If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8. Solution(s) rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-0616 CVE - 2023-0616 https://errata.rockylinux.org/RLSA-2023:0821 https://errata.rockylinux.org/RLSA-2023:0824
  23. Rocky Linux: CVE-2023-25744: thunderbird (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-25744 CVE - 2023-25744 https://errata.rockylinux.org/RLSA-2023:0808 https://errata.rockylinux.org/RLSA-2023:0810 https://errata.rockylinux.org/RLSA-2023:0821 https://errata.rockylinux.org/RLSA-2023:0824
  24. Rocky Linux: CVE-2023-25751: thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-25751 CVE - 2023-25751 https://errata.rockylinux.org/RLSA-2023:1336 https://errata.rockylinux.org/RLSA-2023:1337 https://errata.rockylinux.org/RLSA-2023:1403 https://errata.rockylinux.org/RLSA-2023:1407
  25. Rocky Linux: CVE-2023-25743: thunderbird (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 06/02/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description A lack of in app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome. This bug only affects Firefox Focus. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2023-25743 CVE - 2023-25743 https://errata.rockylinux.org/RLSA-2023:0808 https://errata.rockylinux.org/RLSA-2023:0810 https://errata.rockylinux.org/RLSA-2023:0821 https://errata.rockylinux.org/RLSA-2023:0824