ISHACK AI BOT

Alpine Linux: CVE-2022-45404: Vulnerability in Multiple Components Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2022-45404 CVE - 2022-45404 https://security.alpinelinux.org/vuln/CVE-2022-45404

Alpine Linux: CVE-2022-31740: Vulnerability in Multiple Components Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description On arm64, WASM code could have resulted in incorrect assembly generation leading to a register allocation problem, and a potentially exploitable crash. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. Solution(s) alpine-linux-upgrade-firefox-esr alpine-linux-upgrade-firefox alpine-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-31740 CVE - 2022-31740 https://security.alpinelinux.org/vuln/CVE-2022-31740

Alpine Linux: CVE-2022-3266: Out-of-bounds Read Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description An out-of-bounds read can occur when decoding H264 video. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.3, Thunderbird < 102.3, and Firefox < 105. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2022-3266 CVE - 2022-3266 https://security.alpinelinux.org/vuln/CVE-2022-3266

Alpine Linux: CVE-2022-45410: Vulnerability in Multiple Components Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2022-45410 CVE - 2022-45410 https://security.alpinelinux.org/vuln/CVE-2022-45410

Alpine Linux: CVE-2022-34474: Open Redirect Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. Solution(s) alpine-linux-upgrade-firefox References https://attackerkb.com/topics/cve-2022-34474 CVE - 2022-34474 https://security.alpinelinux.org/vuln/CVE-2022-34474

Alpine Linux: CVE-2022-34476: Vulnerability in Multiple Components Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102. Solution(s) alpine-linux-upgrade-firefox References https://attackerkb.com/topics/cve-2022-34476 CVE - 2022-34476 https://security.alpinelinux.org/vuln/CVE-2022-34476

Alpine Linux: CVE-2022-46877: Vulnerability in Multiple Components Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2022-46877 CVE - 2022-46877 https://security.alpinelinux.org/vuln/CVE-2022-46877

Debian: CVE-2022-3034: thunderbird -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 12/22/2022 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1. Solution(s) debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-3034 CVE - 2022-3034

Alpine Linux: CVE-2022-46875: Vulnerability in Multiple Components Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2022-46875 CVE - 2022-46875 https://security.alpinelinux.org/vuln/CVE-2022-46875

VMware Photon OS: CVE-2022-34474 Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 12/22/2022 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-34474 CVE - 2022-34474

Alpine Linux: CVE-2022-45408: Vulnerability in Multiple Components Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Through a series of popups that reuse windowName, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2022-45408 CVE - 2022-45408 https://security.alpinelinux.org/vuln/CVE-2022-45408

Amazon Linux AMI 2: CVE-2022-29914: Security patch for thunderbird (ALAS-2022-1828) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 12/22/2022 Created 07/09/2024 Added 07/09/2024 Modified 01/28/2025 Description When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. Solution(s) amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2022-29914 AL2/ALAS-2022-1828 CVE - 2022-29914

Amazon Linux AMI 2: CVE-2022-34468: Security patch for firefox, thunderbird (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 02/23/2023 Added 02/23/2023 Modified 01/28/2025 Description An iframe that was not permitted to run scripts could do so if the user clicked on a <code>javascript:</code> link. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2022-34468 AL2/ALAS-2023-1951 AL2/ALASFIREFOX-2023-013 CVE - 2022-34468

Alpine Linux: CVE-2022-0566: Out-of-bounds Write Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1. Solution(s) alpine-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-0566 CVE - 2022-0566 https://security.alpinelinux.org/vuln/CVE-2022-0566

Rocky Linux: CVE-2022-0566: thunderbird (RLSA-2022-0845) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird < 91.6.1. Solution(s) rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2022-0566 CVE - 2022-0566 https://errata.rockylinux.org/RLSA-2022:0845

Rocky Linux: CVE-2021-4129: thunderbird (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2021-4129 CVE - 2021-4129 https://errata.rockylinux.org/RLSA-2021:5013 https://errata.rockylinux.org/RLSA-2021:5045

Amazon Linux AMI 2: CVE-2022-45420: Security patch for firefox (ALASFIREFOX-2023-009) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 12/22/2022 Created 09/28/2023 Added 09/28/2023 Modified 01/28/2025 Description Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo References https://attackerkb.com/topics/cve-2022-45420 AL2/ALASFIREFOX-2023-009 CVE - 2022-45420

Rocky Linux: CVE-2022-22737: firefox (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2022-22737 CVE - 2022-22737 https://errata.rockylinux.org/RLSA-2022:0129 https://errata.rockylinux.org/RLSA-2022:0130

Alpine Linux: CVE-2022-1520: Vulnerability in Multiple Components Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 12/22/2022 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A might be shown with the security status of message B. This vulnerability affects Thunderbird < 91.9. Solution(s) alpine-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2022-1520 CVE - 2022-1520 https://security.alpinelinux.org/vuln/CVE-2022-1520

Amazon Linux AMI 2: CVE-2021-4129: Security patch for firefox, thunderbird (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 02/23/2023 Added 02/23/2023 Modified 01/28/2025 Description Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 95, Firefox ESR < 91.4.0, and Thunderbird < 91.4.0. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2021-4129 AL2/ALAS-2023-1951 AL2/ALASFIREFOX-2023-013 CVE - 2021-4129

IBM AIX: smbcd_advisory2 (CVE-2022-43381): Vulnerability in smbcd affects AIX Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 12/22/2022 Created 12/24/2022 Added 12/23/2022 Modified 01/28/2025 Description IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639. Solution(s) ibm-aix-smbcd_advisory2 References https://attackerkb.com/topics/cve-2022-43381 CVE - 2022-43381 https://aix.software.ibm.com/aix/efixes/security/smbcd_advisory2.asc

SUSE: CVE-2022-46871: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 01/24/2023 Added 01/23/2023 Modified 01/28/2025 Description An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2022-46871 CVE - 2022-46871

SUSE: CVE-2022-4662: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 12/22/2022 Created 01/26/2023 Added 01/26/2023 Modified 01/28/2025 Description A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2022-4662 CVE - 2022-4662

Amazon Linux AMI 2: CVE-2022-34470: Security patch for firefox, thunderbird (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 02/23/2023 Added 02/23/2023 Modified 01/28/2025 Description Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2022-34470 AL2/ALAS-2023-1951 AL2/ALASFIREFOX-2023-013 CVE - 2022-34470

CentOS Linux: CVE-2021-4127: Important: firefox security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 12/22/2022 Created 01/06/2023 Added 01/06/2023 Modified 01/28/2025 Description An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9. Solution(s) centos-upgrade-firefox centos-upgrade-firefox-debuginfo centos-upgrade-firefox-debugsource centos-upgrade-thunderbird centos-upgrade-thunderbird-debuginfo centos-upgrade-thunderbird-debugsource References CVE-2021-4127