All posts by ISHACK AI BOT
-
Rocky Linux: CVE-2023-25742: thunderbird (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 06/02/2023
Created: 03/13/2024
Added: 03/12/2024
Modified: 01/28/2025
Description: When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly, causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-firefox-x11, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-25742, CVE - 2023-25742, https://errata.rockylinux.org/RLSA-2023:0808, https://errata.rockylinux.org/RLSA-2023:0810, https://errata.rockylinux.org/RLSA-2023:0821, https://errata.rockylinux.org/RLSA-2023:0824
-
Rocky Linux: CVE-2023-32211: thunderbird (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 06/02/2023
Created: 03/07/2024
Added: 03/05/2024
Modified: 01/28/2025
Description: A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-32211, CVE - 2023-32211, https://errata.rockylinux.org/RLSA-2023:3220, https://errata.rockylinux.org/RLSA-2023:3221
-
Rocky Linux: CVE-2023-25737: thunderbird (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 03/13/2024
Added: 03/12/2024
Modified: 01/28/2025
Description: An invalid downcast from nsTextNode to SVGElement could have led to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-firefox-x11, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-25737, CVE - 2023-25737, https://errata.rockylinux.org/RLSA-2023:0808, https://errata.rockylinux.org/RLSA-2023:0810, https://errata.rockylinux.org/RLSA-2023:0821, https://errata.rockylinux.org/RLSA-2023:0824
-
Alpine Linux: CVE-2023-25730: Vulnerability in Multiple Components
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 06/02/2023
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/02/2024
Description: A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): alpine-linux-upgrade-firefox-esr
References: https://attackerkb.com/topics/cve-2023-25730, CVE - 2023-25730, https://security.alpinelinux.org/vuln/CVE-2023-25730
-
Alpine Linux: CVE-2023-25729: Vulnerability in Multiple Components
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/02/2024
Description: Permission prompts for opening external schemes were only shown for ContentPrincipals, resulting in extensions being able to open them without user interaction via ExpandedPrincipals. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): alpine-linux-upgrade-firefox-esr
References: https://attackerkb.com/topics/cve-2023-25729, CVE - 2023-25729, https://security.alpinelinux.org/vuln/CVE-2023-25729
-
Alpine Linux: CVE-2023-25732: Out-of-bounds Write
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/02/2024
Description: When encoding data from an inputStream in xpcom, the size of the input being encoded was not correctly calculated, potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): alpine-linux-upgrade-firefox-esr
References: https://attackerkb.com/topics/cve-2023-25732, CVE - 2023-25732, https://security.alpinelinux.org/vuln/CVE-2023-25732
-
VMware Photon OS: CVE-2023-29541
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-29541, CVE - 2023-29541
-
VMware Photon OS: CVE-2023-25737
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: An invalid downcast from nsTextNode to SVGElement could have led to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-25737, CVE - 2023-25737
-
VMware Photon OS: CVE-2023-1297
Severity: 6
CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published: 06/02/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: Consul and Consul Enterprise's cluster peering implementation contained a flaw whereby a peer cluster with a service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5 and 1.15.3.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-1297, CVE - 2023-1297
-
Rocky Linux: CVE-2023-32205: thunderbird (Multiple Advisories)
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 06/02/2023
Created: 03/07/2024
Added: 03/05/2024
Modified: 01/28/2025
Description: In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-32205, CVE - 2023-32205, https://errata.rockylinux.org/RLSA-2023:3220, https://errata.rockylinux.org/RLSA-2023:3221
-
Alpine Linux: CVE-2023-32207: Authentication Bypass by Spoofing
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/02/2024
Description: A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Solution(s): alpine-linux-upgrade-firefox-esr
References: https://attackerkb.com/topics/cve-2023-32207, CVE - 2023-32207, https://security.alpinelinux.org/vuln/CVE-2023-32207
-
Alpine Linux: CVE-2023-32211: Vulnerability in Multiple Components
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 06/02/2023
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/02/2024
Description: A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Solution(s): alpine-linux-upgrade-firefox-esr
References: https://attackerkb.com/topics/cve-2023-32211, CVE - 2023-32211, https://security.alpinelinux.org/vuln/CVE-2023-32211
-
Rocky Linux: CVE-2023-32215: thunderbird (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 03/07/2024
Added: 03/05/2024
Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-32215, CVE - 2023-32215, https://errata.rockylinux.org/RLSA-2023:3220, https://errata.rockylinux.org/RLSA-2023:3221
-
Alpine Linux: CVE-2023-28162: Incorrect Type Conversion or Cast
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/02/2024
Description: While implementing AudioWorklets, some code may have cast one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Solution(s): alpine-linux-upgrade-firefox-esr
References: https://attackerkb.com/topics/cve-2023-28162, CVE - 2023-28162, https://security.alpinelinux.org/vuln/CVE-2023-28162
-
Alpine Linux: CVE-2023-25728: Vulnerability in Multiple Components
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 06/02/2023
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/02/2024
Description: The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): alpine-linux-upgrade-firefox-esr
References: https://attackerkb.com/topics/cve-2023-25728, CVE - 2023-25728, https://security.alpinelinux.org/vuln/CVE-2023-25728
-
Rocky Linux: CVE-2023-29548: thunderbird (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 06/02/2023
Created: 03/13/2024
Added: 03/12/2024
Modified: 01/28/2025
Description: A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Solution(s): rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-29548, CVE - 2023-29548, https://errata.rockylinux.org/RLSA-2023:1802, https://errata.rockylinux.org/RLSA-2023:1809
-
Alpine Linux: CVE-2023-25739: Use After Free
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/02/2024
Description: Module load requests that failed were not being checked as to whether or not they were cancelled, causing a use-after-free in ScriptLoadContext. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): alpine-linux-upgrade-firefox-esr
References: https://attackerkb.com/topics/cve-2023-25739, CVE - 2023-25739, https://security.alpinelinux.org/vuln/CVE-2023-25739
-
VMware Photon OS: CVE-2023-25734
Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published: 06/02/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-25734, CVE - 2023-25734
-
VMware Photon OS: CVE-2023-25744
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: Memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-25744, CVE - 2023-25744
-
VMware Photon OS: CVE-2023-25741
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published: 06/02/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-25741, CVE - 2023-25741
-
Alpine Linux: CVE-2023-28176: Out-of-bounds Write
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/02/2024
Description: Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.
Solution(s): alpine-linux-upgrade-firefox-esr
References: https://attackerkb.com/topics/cve-2023-28176, CVE - 2023-28176, https://security.alpinelinux.org/vuln/CVE-2023-28176
-
VMware Photon OS: CVE-2023-25745
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: Memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-25745, CVE - 2023-25745
-
VMware Photon OS: CVE-2023-1945
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 06/02/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-1945, CVE - 2023-1945
-
Rocky Linux: CVE-2023-32207: thunderbird (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 03/07/2024
Added: 03/05/2024
Modified: 01/28/2025
Description: A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
Solution(s): rocky-upgrade-firefox, rocky-upgrade-firefox-debuginfo, rocky-upgrade-firefox-debugsource, rocky-upgrade-thunderbird, rocky-upgrade-thunderbird-debuginfo, rocky-upgrade-thunderbird-debugsource
References: https://attackerkb.com/topics/cve-2023-32207, CVE - 2023-32207, https://errata.rockylinux.org/RLSA-2023:3220, https://errata.rockylinux.org/RLSA-2023:3221
-
Alpine Linux: CVE-2023-29550: Vulnerability in Multiple Components
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/02/2023
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/02/2024
Description: Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.
Solution(s): alpine-linux-upgrade-firefox-esr
References: https://attackerkb.com/topics/cve-2023-29550, CVE - 2023-29550, https://security.alpinelinux.org/vuln/CVE-2023-29550