All posts by ISHACK AI BOT
-
Gentoo Linux: CVE-2024-7518: Mozilla Firefox: Multiple Vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 08/06/2024
Created: 12/10/2024
Added: 12/09/2024
Modified: 01/28/2025
Description: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Solution(s): gentoo-linux-upgrade-dev-lang-spidermonkey, gentoo-linux-upgrade-mail-client-thunderbird, gentoo-linux-upgrade-mail-client-thunderbird-bin, gentoo-linux-upgrade-www-client-firefox, gentoo-linux-upgrade-www-client-firefox-bin
References: https://attackerkb.com/topics/cve-2024-7518, CVE-2024-7518, 202412-04, 202412-06, 202412-13
-
Gentoo Linux: CVE-2024-7521: Mozilla Firefox: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024
Created: 12/10/2024
Added: 12/09/2024
Modified: 01/28/2025
Description: Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): gentoo-linux-upgrade-dev-lang-spidermonkey, gentoo-linux-upgrade-mail-client-thunderbird, gentoo-linux-upgrade-mail-client-thunderbird-bin, gentoo-linux-upgrade-www-client-firefox, gentoo-linux-upgrade-www-client-firefox-bin
References: https://attackerkb.com/topics/cve-2024-7521, CVE-2024-7521, 202412-04, 202412-06, 202412-13
-
FreeBSD: VID-5D7939F6-5989-11EF-9793-B42E991FC52E (CVE-2024-7525): firefox -- multiple vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:N)
Published: 08/06/2024
Created: 08/16/2024
Added: 08/14/2024
Modified: 01/28/2025
Description: It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): freebsd-upgrade-package-firefox
References: CVE-2024-7525
-
Gentoo Linux: CVE-2024-7005: QtWebEngine: Multiple Vulnerabilities
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 08/06/2024
Created: 01/25/2025
Added: 01/24/2025
Modified: 01/28/2025
Description: Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)
Solution(s): gentoo-linux-upgrade-dev-qt-qtwebengine
References: https://attackerkb.com/topics/cve-2024-7005, CVE-2024-7005, 202501-09
-
FreeBSD: VID-D0AC9A17-5E68-11EF-B8CC-B42E991FC52E (CVE-2024-7518): mozilla products -- spoofing attack
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 08/06/2024
Created: 08/22/2024
Added: 08/20/2024
Modified: 01/28/2025
Description: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Solution(s): freebsd-upgrade-package-firefox
References: CVE-2024-7518
-
FreeBSD: VID-5D7939F6-5989-11EF-9793-B42E991FC52E (CVE-2024-7530): firefox -- multiple vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024
Created: 08/16/2024
Added: 08/14/2024
Modified: 01/28/2025
Description: Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
Solution(s): freebsd-upgrade-package-firefox
References: CVE-2024-7530
-
FreeBSD: VID-44DE1B82-662D-11EF-A51B-B42E991FC52E (CVE-2024-43111): firefox -- multiple vulnerabilities
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 08/06/2024
Created: 08/31/2024
Added: 08/29/2024
Modified: 01/28/2025
Description: Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser. This vulnerability affects Firefox for iOS < 129.
Solution(s): freebsd-upgrade-package-firefox
References: CVE-2024-43111
-
FreeBSD: VID-5D7939F6-5989-11EF-9793-B42E991FC52E (CVE-2024-7529): firefox -- multiple vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 08/06/2024
Created: 08/16/2024
Added: 08/14/2024
Modified: 01/28/2025
Description: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): freebsd-upgrade-package-firefox
References: CVE-2024-7529
-
FreeBSD: VID-05CD9F82-5426-11EF-8A0F-A8A1599412C6 (CVE-2024-7534): chromium -- multiple security fixes
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024
Created: 08/08/2024
Added: 08/07/2024
Modified: 01/28/2025
Description: Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-ungoogled-chromium
References: CVE-2024-7534
-
Oracle Linux: CVE-2024-7528: ELSA-2024-5392: thunderbird security update (IMPORTANT) (Multiple Advisories)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/06/2024
Created: 10/18/2024
Added: 10/16/2024
Modified: 12/20/2024
Description: Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. The Mozilla Foundation Security Advisory describes this flaw as: Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free.
Solution(s): oracle-linux-upgrade-firefox, oracle-linux-upgrade-firefox-x11, oracle-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7528, CVE-2024-7528, ELSA-2024-5392, ELSA-2024-5322, ELSA-2024-5391, ELSA-2024-5402, ELSA-2024-5324
-
Oracle Linux: CVE-2024-7529: ELSA-2024-5392: thunderbird security update (IMPORTANT) (Multiple Advisories)
Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 08/06/2024
Created: 10/18/2024
Added: 10/16/2024
Modified: 12/20/2024
Description: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. The Mozilla Foundation Security Advisory describes this flaw as: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions.
Solution(s): oracle-linux-upgrade-firefox, oracle-linux-upgrade-firefox-x11, oracle-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7529, CVE-2024-7529, ELSA-2024-5392, ELSA-2024-5322, ELSA-2024-5391, ELSA-2024-5402, ELSA-2024-5324
-
Oracle Linux: CVE-2024-7519: ELSA-2024-5392: thunderbird security update (IMPORTANT) (Multiple Advisories)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/06/2024
Created: 11/13/2024
Added: 10/16/2024
Modified: 12/20/2024
Description: Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. The Mozilla Foundation Security Advisory describes this flaw as: Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape.
Solution(s): oracle-linux-upgrade-firefox, oracle-linux-upgrade-firefox-x11, oracle-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7519, CVE-2024-7519, ELSA-2024-5392, ELSA-2024-5322, ELSA-2024-5391, ELSA-2024-5402, ELSA-2024-5324
-
Oracle Linux: CVE-2024-7527: ELSA-2024-5392: thunderbird security update (IMPORTANT) (Multiple Advisories)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/06/2024
Created: 10/24/2024
Added: 10/16/2024
Modified: 12/20/2024
Description: Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. The Mozilla Foundation Security Advisory describes this flaw as: Unexpected marking work at the start of sweeping could have led to a use-after-free.
Solution(s): oracle-linux-upgrade-firefox, oracle-linux-upgrade-firefox-x11, oracle-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7527, CVE-2024-7527, ELSA-2024-5392, ELSA-2024-5322, ELSA-2024-5391, ELSA-2024-5402, ELSA-2024-5324
-
FreeBSD: VID-05CD9F82-5426-11EF-8A0F-A8A1599412C6 (CVE-2024-7535): chromium -- multiple security fixes
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024
Created: 08/08/2024
Added: 08/07/2024
Modified: 01/28/2025
Description: Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-ungoogled-chromium
References: CVE-2024-7535
-
Gentoo Linux: CVE-2024-6995: QtWebEngine: Multiple Vulnerabilities
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 08/06/2024
Created: 01/25/2025
Added: 01/24/2025
Modified: 01/28/2025
Description: Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): gentoo-linux-upgrade-dev-qt-qtwebengine
References: https://attackerkb.com/topics/cve-2024-6995, CVE-2024-6995, 202501-09
-
Gentoo Linux: CVE-2024-6989: QtWebEngine: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024
Created: 01/25/2025
Added: 01/24/2025
Modified: 01/28/2025
Description: Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): gentoo-linux-upgrade-dev-qt-qtwebengine
References: https://attackerkb.com/topics/cve-2024-6989, CVE-2024-6989, 202501-09
-
Red Hat: CVE-2024-7524: mozilla: CSP strict-dynamic bypass using web-compatibility shims (Multiple Advisories)
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/06/2024
Created: 08/23/2024
Added: 08/22/2024
Modified: 09/13/2024
Description: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11
References: CVE-2024-7524, RHSA-2024:5322, RHSA-2024:5328, RHSA-2024:5329, RHSA-2024:5391
-
SUSE: CVE-2024-7524: SUSE Linux Security Advisory
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 08/06/2024
Created: 08/14/2024
Added: 08/14/2024
Modified: 01/30/2025
Description: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Solution(s): suse-upgrade-mozillafirefox, suse-upgrade-mozillafirefox-branding-sle, suse-upgrade-mozillafirefox-branding-upstream, suse-upgrade-mozillafirefox-devel, suse-upgrade-mozillafirefox-translations-common, suse-upgrade-mozillafirefox-translations-other
References: https://attackerkb.com/topics/cve-2024-7524, CVE-2024-7524
-
SUSE: CVE-2024-7246: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/06/2024
Created: 12/31/2024
Added: 12/30/2024
Modified: 12/31/2024
Description: It's possible for a gRPC client communicating with an HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients' HTTP header keys, but not values. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table. Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.
Solution(s): suse-upgrade-grpc-devel, suse-upgrade-grpc-source, suse-upgrade-libgrpc-1_60, suse-upgrade-libgrpc1_60, suse-upgrade-libgrpc37, suse-upgrade-libupb37, suse-upgrade-python311-grpcio, suse-upgrade-upb-devel
References: https://attackerkb.com/topics/cve-2024-7246, CVE-2024-7246
-
Gentoo Linux: CVE-2024-6999: QtWebEngine: Multiple Vulnerabilities
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 08/06/2024
Created: 01/25/2025
Added: 01/24/2025
Modified: 01/28/2025
Description: Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): gentoo-linux-upgrade-dev-qt-qtwebengine
References: https://attackerkb.com/topics/cve-2024-6999, CVE-2024-6999, 202501-09
-
SUSE: CVE-2024-7519: SUSE Linux Security Advisory
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024
Created: 08/14/2024
Added: 08/14/2024
Modified: 01/28/2025
Description: Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): suse-upgrade-mozillafirefox, suse-upgrade-mozillafirefox-branding-sle, suse-upgrade-mozillafirefox-branding-upstream, suse-upgrade-mozillafirefox-devel, suse-upgrade-mozillafirefox-translations-common, suse-upgrade-mozillafirefox-translations-other, suse-upgrade-mozillathunderbird, suse-upgrade-mozillathunderbird-translations-common, suse-upgrade-mozillathunderbird-translations-other
References: https://attackerkb.com/topics/cve-2024-7519, CVE-2024-7519
-
SUSE: CVE-2024-7055: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/06/2024
Created: 12/31/2024
Added: 12/30/2024
Modified: 12/30/2024
Description: A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.
Solution(s): suse-upgrade-ffmpeg-4, suse-upgrade-ffmpeg-4-libavcodec-devel, suse-upgrade-ffmpeg-4-libavdevice-devel, suse-upgrade-ffmpeg-4-libavfilter-devel, suse-upgrade-ffmpeg-4-libavformat-devel, suse-upgrade-ffmpeg-4-libavresample-devel, suse-upgrade-ffmpeg-4-libavutil-devel, suse-upgrade-ffmpeg-4-libpostproc-devel, suse-upgrade-ffmpeg-4-libswresample-devel, suse-upgrade-ffmpeg-4-libswscale-devel, suse-upgrade-ffmpeg-4-private-devel, suse-upgrade-libavcodec58_134, suse-upgrade-libavcodec58_134-32bit, suse-upgrade-libavdevice58_13, suse-upgrade-libavdevice58_13-32bit, suse-upgrade-libavfilter7_110, suse-upgrade-libavfilter7_110-32bit, suse-upgrade-libavformat58_76, suse-upgrade-libavformat58_76-32bit, suse-upgrade-libavresample4_0, suse-upgrade-libavresample4_0-32bit, suse-upgrade-libavutil56_70, suse-upgrade-libavutil56_70-32bit, suse-upgrade-libpostproc55_9, suse-upgrade-libpostproc55_9-32bit, suse-upgrade-libswresample3_9, suse-upgrade-libswresample3_9-32bit, suse-upgrade-libswscale5_9, suse-upgrade-libswscale5_9-32bit
References: https://attackerkb.com/topics/cve-2024-7055, CVE-2024-7055
-
SUSE: CVE-2024-7522: SUSE Linux Security Advisory
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024
Created: 08/14/2024
Added: 08/14/2024
Modified: 01/28/2025
Description: Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): suse-upgrade-mozillafirefox, suse-upgrade-mozillafirefox-branding-sle, suse-upgrade-mozillafirefox-branding-upstream, suse-upgrade-mozillafirefox-devel, suse-upgrade-mozillafirefox-translations-common, suse-upgrade-mozillafirefox-translations-other, suse-upgrade-mozillathunderbird, suse-upgrade-mozillathunderbird-translations-common, suse-upgrade-mozillathunderbird-translations-other
References: https://attackerkb.com/topics/cve-2024-7522, CVE-2024-7522
-
SUSE: CVE-2024-7003: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 08/06/2024
Created: 08/20/2024
Added: 08/20/2024
Modified: 01/28/2025
Description: Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-gn, suse-upgrade-rust-bindgen
References: https://attackerkb.com/topics/cve-2024-7003, CVE-2024-7003
-
Amazon Linux AMI 2: CVE-2024-7525: Security patch for firefox, thunderbird (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:N)
Published: 08/06/2024
Created: 09/07/2024
Added: 09/06/2024
Modified: 01/28/2025
Description: It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2024-7525, AL2/ALAS-2024-2629, AL2/ALASFIREFOX-2024-030, CVE-2024-7525