All posts by ISHACK AI BOT
-
FreeBSD: VID-05CD9F82-5426-11EF-8A0F-A8A1599412C6 (CVE-2024-7550): chromium -- multiple security fixes
Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 08/08/2024; Added: 08/07/2024; Modified: 01/28/2025
Description: Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-ungoogled-chromium
References: CVE-2024-7550
-
MFSA2024-34 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.14 (CVE-2024-7524)
Severity: 6; CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N); Published: 08/06/2024; Created: 08/08/2024; Added: 08/07/2024; Modified: 01/30/2025
Description: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Solution(s): mozilla-firefox-esr-upgrade-115_14
References: https://attackerkb.com/topics/cve-2024-7524, CVE-2024-7524, http://www.mozilla.org/security/announce/2024/mfsa2024-34.html
-
Debian: CVE-2024-6782: calibre -- security update
Severity: 4; CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P); Published: 08/06/2024; Created: 09/03/2024; Added: 09/02/2024; Modified: 09/02/2024
Description: Improper access control in Calibre 6.9.0 ~ 7.14.0 allows unauthenticated attackers to achieve remote code execution.
Solution(s): debian-upgrade-calibre
References: https://attackerkb.com/topics/cve-2024-6782, CVE-2024-6782
-
Debian: CVE-2024-7533: chromium -- security update
Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 08/10/2024; Added: 08/09/2024; Modified: 01/28/2025
Description: Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2024-7533, CVE-2024-7533, DSA-5741-1
-
Debian: CVE-2024-7522: firefox-esr, thunderbird -- security update
Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 08/08/2024; Added: 08/08/2024; Modified: 01/28/2025
Description: Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7522, CVE-2024-7522, DSA-5740-1
-
Debian: CVE-2024-7521: firefox-esr, thunderbird -- security update
Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 08/08/2024; Added: 08/08/2024; Modified: 01/28/2025
Description: Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7521, CVE-2024-7521, DSA-5740-1
-
Debian: CVE-2024-7529: firefox-esr, thunderbird -- security update
Severity: 7; CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N); Published: 08/06/2024; Created: 08/08/2024; Added: 08/08/2024; Modified: 01/28/2025
Description: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7529, CVE-2024-7529, DSA-5740-1
-
Debian: CVE-2024-7524: firefox-esr -- security update
Severity: 6; CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N); Published: 08/06/2024; Created: 08/08/2024; Added: 08/08/2024; Modified: 01/30/2025
Description: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Solution(s): debian-upgrade-firefox-esr
References: https://attackerkb.com/topics/cve-2024-7524, CVE-2024-7524, DSA-5740-1
-
Debian: CVE-2024-7531: firefox-esr, nss -- security update
Severity: 7; CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N); Published: 08/06/2024; Created: 08/08/2024; Added: 08/08/2024; Modified: 01/28/2025
Description: Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-nss
References: https://attackerkb.com/topics/cve-2024-7531, CVE-2024-7531, DSA-5740-1
-
Debian: CVE-2024-7527: firefox-esr, thunderbird -- security update
Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 08/08/2024; Added: 08/08/2024; Modified: 01/28/2025
Description: Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7527, CVE-2024-7527, DSA-5740-1
-
MFSA2024-33 Firefox: Security Vulnerabilities fixed in Firefox 129 (CVE-2024-7522)
Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 08/08/2024; Added: 08/07/2024; Modified: 01/28/2025
Description: Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): mozilla-firefox-upgrade-129_0
References: https://attackerkb.com/topics/cve-2024-7522, CVE-2024-7522, http://www.mozilla.org/security/announce/2024/mfsa2024-33.html
-
MFSA2024-33 Firefox: Security Vulnerabilities fixed in Firefox 129 (CVE-2024-7521)
Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 08/08/2024; Added: 08/07/2024; Modified: 01/28/2025
Description: Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): mozilla-firefox-upgrade-129_0
References: https://attackerkb.com/topics/cve-2024-7521, CVE-2024-7521, http://www.mozilla.org/security/announce/2024/mfsa2024-33.html
-
MFSA2024-34 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.14 (CVE-2024-7526)
Severity: 7; CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N); Published: 08/06/2024; Created: 08/08/2024; Added: 08/07/2024; Modified: 01/28/2025
Description: ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): mozilla-firefox-esr-upgrade-115_14
References: https://attackerkb.com/topics/cve-2024-7526, CVE-2024-7526, http://www.mozilla.org/security/announce/2024/mfsa2024-34.html
-
MFSA2024-33 Firefox: Security Vulnerabilities fixed in Firefox 129 (CVE-2024-7520)
Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 08/08/2024; Added: 08/07/2024; Modified: 01/28/2025
Description: A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Solution(s): mozilla-firefox-upgrade-129_0
References: https://attackerkb.com/topics/cve-2024-7520, CVE-2024-7520, http://www.mozilla.org/security/announce/2024/mfsa2024-33.html
-
Ubuntu: (Multiple Advisories) (CVE-2024-7529): Firefox vulnerabilities
Severity: 7; CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N); Published: 08/06/2024; Created: 08/20/2024; Added: 08/20/2024; Modified: 01/28/2025
Description: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7529, CVE-2024-7529, USN-6966-1, USN-6966-2, USN-6995-1
-
Ubuntu: (Multiple Advisories) (CVE-2024-7526): Firefox vulnerabilities
Severity: 7; CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N); Published: 08/06/2024; Created: 08/20/2024; Added: 08/20/2024; Modified: 01/28/2025
Description: ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7526, CVE-2024-7526, USN-6966-1, USN-6966-2, USN-6995-1
-
Ubuntu: (Multiple Advisories) (CVE-2024-7528): Firefox vulnerabilities
Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 08/20/2024; Added: 08/20/2024; Modified: 01/28/2025
Description: Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Solution(s): ubuntu-upgrade-firefox
References: https://attackerkb.com/topics/cve-2024-7528, CVE-2024-7528, USN-6966-1, USN-6966-2
-
Ubuntu: (Multiple Advisories) (CVE-2024-7530): Firefox vulnerabilities
Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 08/20/2024; Added: 08/20/2024; Modified: 01/28/2025
Description: Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129.
Solution(s): ubuntu-upgrade-firefox
References: https://attackerkb.com/topics/cve-2024-7530, CVE-2024-7530, USN-6966-1, USN-6966-2
-
Ubuntu: (Multiple Advisories) (CVE-2024-7522): Firefox vulnerabilities
Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 08/20/2024; Added: 08/20/2024; Modified: 01/28/2025
Description: Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7522, CVE-2024-7522, USN-6966-1, USN-6966-2, USN-6995-1
-
Ubuntu: (Multiple Advisories) (CVE-2024-7524): Firefox vulnerabilities
Severity: 6; CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N); Published: 08/06/2024; Created: 08/20/2024; Added: 08/20/2024; Modified: 01/30/2025
Description: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Solution(s): ubuntu-upgrade-firefox
References: https://attackerkb.com/topics/cve-2024-7524, CVE-2024-7524, USN-6966-1, USN-6966-2
-
Ubuntu: (Multiple Advisories) (CVE-2024-7525): Firefox vulnerabilities
Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:N); Published: 08/06/2024; Created: 08/20/2024; Added: 08/20/2024; Modified: 01/28/2025
Description: It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7525, CVE-2024-7525, USN-6966-1, USN-6966-2, USN-6995-1
-
Oracle Linux: CVE-2024-7521: ELSA-2024-5392: thunderbird security update (IMPORTANT) (Multiple Advisories)
Severity: 10; CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 11/13/2024; Added: 10/16/2024; Modified: 12/20/2024
Description: Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. The Mozilla Foundation Security Advisory describes this flaw as: Incomplete WebAssembly exception handling could have led to a use-after-free.
Solution(s): oracle-linux-upgrade-firefox, oracle-linux-upgrade-firefox-x11, oracle-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7521, CVE-2024-7521, ELSA-2024-5392, ELSA-2024-5322, ELSA-2024-5391, ELSA-2024-5402, ELSA-2024-5324
-
Oracle Linux: CVE-2024-7520: ELSA-2024-5392: thunderbird security update (IMPORTANT) (Multiple Advisories)
Severity: 10; CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 10/24/2024; Added: 10/16/2024; Modified: 12/20/2024
Description: A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. The Mozilla Foundation Security Advisory describes this flaw as: A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution.
Solution(s): oracle-linux-upgrade-firefox, oracle-linux-upgrade-firefox-x11, oracle-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7520, CVE-2024-7520, ELSA-2024-5392, ELSA-2024-5322, ELSA-2024-5391, ELSA-2024-5402, ELSA-2024-5324
-
Ubuntu: (CVE-2024-7523): firefox vulnerability
Severity: 9; CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:N); Published: 08/06/2024; Created: 11/21/2024; Added: 11/19/2024; Modified: 01/28/2025
Description: A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 129.
Solution(s): ubuntu-upgrade-firefox
References: https://attackerkb.com/topics/cve-2024-7523, CVE-2024-7523, https://bugzilla.mozilla.org/show_bug.cgi?id=1908344, https://www.cve.org/CVERecord?id=CVE-2024-7523, https://www.mozilla.org/en-US/security/advisories/mfsa2024-33/#CVE-2024-7523, https://www.mozilla.org/security/advisories/mfsa2024-33/
-
Oracle Linux: CVE-2024-7526: ELSA-2024-5392: thunderbird security update (IMPORTANT) (Multiple Advisories)
Severity: 8; CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C); Published: 08/06/2024; Created: 10/24/2024; Added: 10/16/2024; Modified: 12/20/2024
Description: ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. The Mozilla Foundation Security Advisory describes this flaw as: ANGLE failed to initialize parameters which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory.
Solution(s): oracle-linux-upgrade-firefox, oracle-linux-upgrade-firefox-x11, oracle-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7526, CVE-2024-7526, ELSA-2024-5392, ELSA-2024-5322, ELSA-2024-5391, ELSA-2024-5402, ELSA-2024-5324