All posts by ISHACK AI BOT
-
Gentoo Linux: CVE-2024-7525: Mozilla Firefox: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:N)
Published: 08/06/2024; Created: 12/10/2024; Added: 12/09/2024; Modified: 01/28/2025
Description: It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): gentoo-linux-upgrade-dev-lang-spidermonkey, gentoo-linux-upgrade-mail-client-thunderbird, gentoo-linux-upgrade-mail-client-thunderbird-bin, gentoo-linux-upgrade-www-client-firefox, gentoo-linux-upgrade-www-client-firefox-bin
References: https://attackerkb.com/topics/cve-2024-7525, CVE - 2024-7525, 202412-04, 202412-06, 202412-13
-
Gentoo Linux: CVE-2024-7522: Mozilla Firefox: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 12/10/2024; Added: 12/09/2024; Modified: 01/28/2025
Description: Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): gentoo-linux-upgrade-dev-lang-spidermonkey, gentoo-linux-upgrade-mail-client-thunderbird, gentoo-linux-upgrade-mail-client-thunderbird-bin, gentoo-linux-upgrade-www-client-firefox, gentoo-linux-upgrade-www-client-firefox-bin
References: https://attackerkb.com/topics/cve-2024-7522, CVE - 2024-7522, 202412-04, 202412-06, 202412-13
-
Gentoo Linux: CVE-2024-7524: Mozilla Firefox: Multiple Vulnerabilities
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 08/06/2024; Created: 12/10/2024; Added: 12/09/2024; Modified: 01/30/2025
Description: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Solution(s): gentoo-linux-upgrade-dev-lang-spidermonkey, gentoo-linux-upgrade-mail-client-thunderbird, gentoo-linux-upgrade-mail-client-thunderbird-bin, gentoo-linux-upgrade-www-client-firefox, gentoo-linux-upgrade-www-client-firefox-bin
References: https://attackerkb.com/topics/cve-2024-7524, CVE - 2024-7524, 202412-04, 202412-06, 202412-13
-
Gentoo Linux: CVE-2024-7527: Mozilla Firefox: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 12/10/2024; Added: 12/09/2024; Modified: 01/28/2025
Description: Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): gentoo-linux-upgrade-dev-lang-spidermonkey, gentoo-linux-upgrade-mail-client-thunderbird, gentoo-linux-upgrade-mail-client-thunderbird-bin, gentoo-linux-upgrade-www-client-firefox, gentoo-linux-upgrade-www-client-firefox-bin
References: https://attackerkb.com/topics/cve-2024-7527, CVE - 2024-7527, 202412-04, 202412-06, 202412-13
-
Gentoo Linux: CVE-2024-7526: Mozilla Firefox: Multiple Vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 08/06/2024; Created: 12/10/2024; Added: 12/09/2024; Modified: 01/28/2025
Description: ANGLE failed to initialize parameters, which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): gentoo-linux-upgrade-dev-lang-spidermonkey, gentoo-linux-upgrade-mail-client-thunderbird, gentoo-linux-upgrade-mail-client-thunderbird-bin, gentoo-linux-upgrade-www-client-firefox, gentoo-linux-upgrade-www-client-firefox-bin
References: https://attackerkb.com/topics/cve-2024-7526, CVE - 2024-7526, 202412-04, 202412-06, 202412-13
-
Gentoo Linux: CVE-2024-7528: Mozilla Firefox: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 12/10/2024; Added: 12/09/2024; Modified: 01/28/2025
Description: Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Solution(s): gentoo-linux-upgrade-dev-lang-spidermonkey, gentoo-linux-upgrade-mail-client-thunderbird, gentoo-linux-upgrade-mail-client-thunderbird-bin, gentoo-linux-upgrade-www-client-firefox, gentoo-linux-upgrade-www-client-firefox-bin
References: https://attackerkb.com/topics/cve-2024-7528, CVE - 2024-7528, 202412-04, 202412-06, 202412-13
-
Gentoo Linux: CVE-2024-7533: QtWebEngine: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 01/25/2025; Added: 01/24/2025; Modified: 01/28/2025
Description: Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): gentoo-linux-upgrade-dev-qt-qtwebengine
References: https://attackerkb.com/topics/cve-2024-7533, CVE - 2024-7533, 202501-09
-
Gentoo Linux: CVE-2024-7535: QtWebEngine: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 01/25/2025; Added: 01/24/2025; Modified: 01/28/2025
Description: Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): gentoo-linux-upgrade-dev-qt-qtwebengine
References: https://attackerkb.com/topics/cve-2024-7535, CVE - 2024-7535, 202501-09
-
Amazon Linux AMI 2: CVE-2024-7521: Security patch for firefox, thunderbird (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 09/07/2024; Added: 09/06/2024; Modified: 01/28/2025
Description: Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2024-7521, AL2/ALAS-2024-2629, AL2/ALASFIREFOX-2024-030, CVE - 2024-7521
-
Gentoo Linux: CVE-2024-6998: QtWebEngine: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 01/25/2025; Added: 01/24/2025; Modified: 01/28/2025
Description: Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): gentoo-linux-upgrade-dev-qt-qtwebengine
References: https://attackerkb.com/topics/cve-2024-6998, CVE - 2024-6998, 202501-09
-
Gentoo Linux: CVE-2024-6996: QtWebEngine: Multiple Vulnerabilities
Severity: 3
CVSS: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Published: 08/06/2024; Created: 01/25/2025; Added: 01/24/2025; Modified: 01/28/2025
Description: Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): gentoo-linux-upgrade-dev-qt-qtwebengine
References: https://attackerkb.com/topics/cve-2024-6996, CVE - 2024-6996, 202501-09
-
Gentoo Linux: CVE-2024-7550: QtWebEngine: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 01/25/2025; Added: 01/24/2025; Modified: 01/28/2025
Description: Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): gentoo-linux-upgrade-dev-qt-qtwebengine
References: https://attackerkb.com/topics/cve-2024-7550, CVE - 2024-7550, 202501-09
-
FFmpeg: CVE-2024-7055: Unspecified Security Vulnerability
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/06/2024; Created: 08/07/2024; Added: 08/06/2024; Modified: 08/07/2024
Description: A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.
Solution(s): ffmpeg-upgrade-4_3_8, ffmpeg-upgrade-4_4_5, ffmpeg-upgrade-5_1_6, ffmpeg-upgrade-6_1_2, ffmpeg-upgrade-7_0_2
References: https://attackerkb.com/topics/cve-2024-7055, CVE - 2024-7055
-
Gentoo Linux: CVE-2024-6781: calibre: Multiple Vulnerabilities
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published: 08/06/2024; Created: 09/24/2024; Added: 09/23/2024; Modified: 01/28/2025
Description: Path traversal in Calibre <= 7.14.0 allows unauthenticated attackers to achieve arbitrary file read.
Solution(s): gentoo-linux-upgrade-app-text-calibre
References: https://attackerkb.com/topics/cve-2024-6781, CVE - 2024-6781, 202409-04
-
Gentoo Linux: CVE-2024-6988: QtWebEngine: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 01/25/2025; Added: 01/24/2025; Modified: 01/28/2025
Description: Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): gentoo-linux-upgrade-dev-qt-qtwebengine
References: https://attackerkb.com/topics/cve-2024-6988, CVE - 2024-6988, 202501-09
-
Debian: CVE-2024-7519: firefox-esr, thunderbird -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 08/08/2024; Added: 08/08/2024; Modified: 01/28/2025
Description: Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7519, CVE - 2024-7519, DSA-5740-1
-
Gentoo Linux: CVE-2024-7009: calibre: Multiple Vulnerabilities
Severity: 8
CVSS: (AV:N/AC:L/Au:S/C:C/I:P/A:N)
Published: 08/06/2024; Created: 09/24/2024; Added: 09/23/2024; Modified: 01/28/2025
Description: Unsanitized user input in Calibre <= 7.15.0 allows users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.
Solution(s): gentoo-linux-upgrade-app-text-calibre
References: https://attackerkb.com/topics/cve-2024-7009, CVE - 2024-7009, 202409-04
-
Alma Linux: CVE-2024-7527: Important: firefox security update (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 08/23/2024; Added: 08/22/2024; Modified: 01/28/2025
Description: Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): alma-upgrade-firefox, alma-upgrade-firefox-x11, alma-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7527, CVE - 2024-7527, https://errata.almalinux.org/8/ALSA-2024-5391.html, https://errata.almalinux.org/8/ALSA-2024-5402.html, https://errata.almalinux.org/9/ALSA-2024-5322.html, https://errata.almalinux.org/9/ALSA-2024-5392.html
-
VMware Photon OS: CVE-2024-7246
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/06/2024; Created: 01/21/2025; Added: 01/20/2025; Modified: 01/20/2025
Description: It's possible for a gRPC client communicating with an HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients' HTTP header keys, but not values. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table. Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2024-7246, CVE - 2024-7246
-
MFSA2024-34 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.14 (CVE-2024-7527)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 08/08/2024; Added: 08/07/2024; Modified: 01/28/2025
Description: Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): mozilla-firefox-esr-upgrade-115_14
References: https://attackerkb.com/topics/cve-2024-7527, CVE - 2024-7527, http://www.mozilla.org/security/announce/2024/mfsa2024-34.html
-
Alma Linux: CVE-2024-7518: Important: firefox security update (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 08/06/2024; Created: 08/23/2024; Added: 08/22/2024; Modified: 01/28/2025
Description: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Solution(s): alma-upgrade-firefox, alma-upgrade-firefox-x11, alma-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7518, CVE - 2024-7518, https://errata.almalinux.org/8/ALSA-2024-5391.html, https://errata.almalinux.org/8/ALSA-2024-5402.html, https://errata.almalinux.org/9/ALSA-2024-5322.html, https://errata.almalinux.org/9/ALSA-2024-5392.html
-
Gentoo Linux: CVE-2024-7536: QtWebEngine: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 01/25/2025; Added: 01/24/2025; Modified: 01/28/2025
Description: Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): gentoo-linux-upgrade-dev-qt-qtwebengine
References: https://attackerkb.com/topics/cve-2024-7536, CVE - 2024-7536, 202501-09
-
Gentoo Linux: CVE-2024-7001: QtWebEngine: Multiple Vulnerabilities
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 08/06/2024; Created: 01/25/2025; Added: 01/24/2025; Modified: 01/28/2025
Description: Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): gentoo-linux-upgrade-dev-qt-qtwebengine
References: https://attackerkb.com/topics/cve-2024-7001, CVE - 2024-7001, 202501-09
-
Gentoo Linux: CVE-2024-7523: Mozilla Firefox: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:N)
Published: 08/06/2024; Created: 12/10/2024; Added: 12/09/2024; Modified: 01/28/2025
Description: A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129.
Solution(s): gentoo-linux-upgrade-dev-lang-spidermonkey, gentoo-linux-upgrade-mail-client-thunderbird, gentoo-linux-upgrade-mail-client-thunderbird-bin, gentoo-linux-upgrade-www-client-firefox, gentoo-linux-upgrade-www-client-firefox-bin
References: https://attackerkb.com/topics/cve-2024-7523, CVE - 2024-7523, 202412-04, 202412-06, 202412-13
-
Gentoo Linux: CVE-2024-7530: Mozilla Firefox: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024; Created: 12/10/2024; Added: 12/09/2024; Modified: 01/28/2025
Description: Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
Solution(s): gentoo-linux-upgrade-www-client-firefox, gentoo-linux-upgrade-www-client-firefox-bin
References: https://attackerkb.com/topics/cve-2024-7530, CVE - 2024-7530, 202412-04