All posts by ISHACK AI BOT
-
Oracle Linux: CVE-2024-7525: ELSA-2024-5392: thunderbird security update (IMPORTANT) (Multiple Advisories)
Severity: 8, CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 10/18/2024, Added: 10/16/2024, Modified: 12/20/2024
Description: It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. The Mozilla Foundation Security Advisory describes this flaw as: It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site.
Solution(s): oracle-linux-upgrade-firefox, oracle-linux-upgrade-firefox-x11, oracle-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7525, CVE-2024-7525, ELSA-2024-5392, ELSA-2024-5322, ELSA-2024-5391, ELSA-2024-5402, ELSA-2024-5324
-
FreeBSD: (Multiple Advisories) (CVE-2024-7532): qt5-webengine -- Multiple vulnerabilities
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 08/08/2024, Added: 08/07/2024, Modified: 01/28/2025
Description: Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Solution(s): freebsd-upgrade-package-chromium, freebsd-upgrade-package-qt5-webengine, freebsd-upgrade-package-ungoogled-chromium
References: CVE-2024-7532
-
Ubuntu: USN-6946-1 (CVE-2024-41990): Django vulnerabilities
Severity: 8, CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 08/06/2024, Created: 08/08/2024, Added: 08/07/2024, Modified: 01/28/2025
Description: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
Solution(s): ubuntu-pro-upgrade-python-django, ubuntu-pro-upgrade-python3-django
References: https://attackerkb.com/topics/cve-2024-41990, CVE-2024-41990, USN-6946-1
-
Amazon Linux AMI 2: CVE-2024-7524: Security patch for firefox (ALASFIREFOX-2024-030)
Severity: 6, CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 08/06/2024, Created: 09/20/2024, Added: 09/19/2024, Modified: 01/30/2025
Description: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack on some of the shims and achieved XSS, bypassing the CSP strict-dynamic protection. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo
References: https://attackerkb.com/topics/cve-2024-7524, AL2/ALASFIREFOX-2024-030, CVE-2024-7524
-
Oracle Linux: CVE-2024-7518: ELSA-2024-5392: thunderbird security update (IMPORTANT) (Multiple Advisories)
Severity: 8, CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 10/18/2024, Added: 10/16/2024, Modified: 12/20/2024
Description: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. The Mozilla Foundation Security Advisory describes this flaw as: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack.
Solution(s): oracle-linux-upgrade-firefox, oracle-linux-upgrade-firefox-x11, oracle-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7518, CVE-2024-7518, ELSA-2024-5392, ELSA-2024-5322, ELSA-2024-5391, ELSA-2024-5402, ELSA-2024-5324
-
Ubuntu: USN-6946-1 (CVE-2024-42005): Django vulnerabilities
Severity: 8, CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 08/06/2024, Created: 08/08/2024, Added: 08/07/2024, Modified: 01/28/2025
Description: An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
Solution(s): ubuntu-upgrade-python3-django
References: https://attackerkb.com/topics/cve-2024-42005, CVE-2024-42005, USN-6946-1
-
Red Hat: CVE-2024-7522: mozilla: Out of bounds read in editor component (Multiple Advisories)
Severity: 8, CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 08/23/2024, Added: 08/22/2024, Modified: 09/13/2024
Description: Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource
References: CVE-2024-7522, RHSA-2024:5322, RHSA-2024:5328, RHSA-2024:5329, RHSA-2024:5391, RHSA-2024:5392, RHSA-2024:5394, RHSA-2024:5396, RHSA-2024:5402
-
Red Hat: CVE-2024-7528: mozilla: Use-after-free in IndexedDB (Multiple Advisories)
Severity: 8, CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 08/23/2024, Added: 08/22/2024, Modified: 09/13/2024
Description: Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource
References: CVE-2024-7528, RHSA-2024:5322, RHSA-2024:5328, RHSA-2024:5329, RHSA-2024:5391, RHSA-2024:5392, RHSA-2024:5394, RHSA-2024:5396, RHSA-2024:5402
-
Red Hat: CVE-2024-7518: mozilla: Fullscreen notification dialog can be obscured by document content (Multiple Advisories)
Severity: 8, CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 08/23/2024, Added: 08/22/2024, Modified: 09/13/2024
Description: Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1.
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource
References: CVE-2024-7518, RHSA-2024:5322, RHSA-2024:5328, RHSA-2024:5329, RHSA-2024:5391, RHSA-2024:5392, RHSA-2024:5394, RHSA-2024:5396, RHSA-2024:5402
-
Red Hat: CVE-2024-7521: mozilla: Incomplete WebAssembly exception handling (Multiple Advisories)
Severity: 8, CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 08/23/2024, Added: 08/22/2024, Modified: 09/13/2024
Description: Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource
References: CVE-2024-7521, RHSA-2024:5322, RHSA-2024:5328, RHSA-2024:5329, RHSA-2024:5391, RHSA-2024:5392, RHSA-2024:5394, RHSA-2024:5396, RHSA-2024:5402
-
Red Hat: CVE-2024-7526: mozilla: Uninitialized memory used by WebGL (Multiple Advisories)
Severity: 8, CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 08/23/2024, Added: 08/22/2024, Modified: 09/19/2024
Description: ANGLE failed to initialize parameters, which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource
References: CVE-2024-7526, RHSA-2024:5322, RHSA-2024:5328, RHSA-2024:5329, RHSA-2024:5391, RHSA-2024:5392, RHSA-2024:5394, RHSA-2024:5396, RHSA-2024:5402
-
Red Hat: CVE-2024-7519: mozilla: Out of bounds memory access in graphics shared memory handling (Multiple Advisories)
Severity: 8, CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 08/23/2024, Added: 08/22/2024, Modified: 09/13/2024
Description: Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource
References: CVE-2024-7519, RHSA-2024:5322, RHSA-2024:5328, RHSA-2024:5329, RHSA-2024:5391, RHSA-2024:5392, RHSA-2024:5394, RHSA-2024:5396, RHSA-2024:5402
-
Red Hat: CVE-2024-7525: mozilla: Missing permission check when creating a StreamFilter (Multiple Advisories)
Severity: 8, CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 08/23/2024, Added: 08/22/2024, Modified: 09/13/2024
Description: It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource
References: CVE-2024-7525, RHSA-2024:5322, RHSA-2024:5328, RHSA-2024:5329, RHSA-2024:5391, RHSA-2024:5392, RHSA-2024:5394, RHSA-2024:5396, RHSA-2024:5402
-
Oracle Linux: CVE-2024-7522: ELSA-2024-5392: thunderbird security update (IMPORTANT) (Multiple Advisories)
Severity: 10, CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 10/18/2024, Added: 10/16/2024, Modified: 12/20/2024
Description: Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14. The Mozilla Foundation Security Advisory describes this flaw as: Editor code failed to check an attribute value. This could have led to an out-of-bounds read.
Solution(s): oracle-linux-upgrade-firefox, oracle-linux-upgrade-firefox-x11, oracle-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7522, CVE-2024-7522, ELSA-2024-5392, ELSA-2024-5322, ELSA-2024-5391, ELSA-2024-5402, ELSA-2024-5324
-
MFSA2024-33 Firefox: Security Vulnerabilities fixed in Firefox 129 (CVE-2024-7526)
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 08/06/2024, Created: 08/08/2024, Added: 08/07/2024, Modified: 01/28/2025
Description: ANGLE failed to initialize parameters, which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): mozilla-firefox-upgrade-129_0
References: https://attackerkb.com/topics/cve-2024-7526, CVE-2024-7526, http://www.mozilla.org/security/announce/2024/mfsa2024-33.html
-
MFSA2024-33 Firefox: Security Vulnerabilities fixed in Firefox 129 (CVE-2024-7529)
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 08/06/2024, Created: 08/08/2024, Added: 08/07/2024, Modified: 01/28/2025
Description: The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): mozilla-firefox-upgrade-129_0
References: https://attackerkb.com/topics/cve-2024-7529, CVE-2024-7529, http://www.mozilla.org/security/announce/2024/mfsa2024-33.html
-
MFSA2024-35 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.1 (CVE-2024-7519)
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 08/08/2024, Added: 08/07/2024, Modified: 01/28/2025
Description: Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): mozilla-firefox-esr-upgrade-128_1
References: https://attackerkb.com/topics/cve-2024-7519, CVE-2024-7519, http://www.mozilla.org/security/announce/2024/mfsa2024-35.html
-
SUSE: CVE-2024-6996: SUSE Linux Security Advisory
Severity: 3, CVSS: (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Published: 08/06/2024, Created: 08/20/2024, Added: 08/20/2024, Modified: 01/28/2025
Description: Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-gn, suse-upgrade-rust-bindgen
References: https://attackerkb.com/topics/cve-2024-6996, CVE-2024-6996
-
MFSA2024-33 Firefox: Security Vulnerabilities fixed in Firefox 129 (CVE-2024-7525)
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:N)
Published: 08/06/2024, Created: 08/08/2024, Added: 08/07/2024, Modified: 01/28/2025
Description: It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): mozilla-firefox-upgrade-129_0
References: https://attackerkb.com/topics/cve-2024-7525, CVE-2024-7525, http://www.mozilla.org/security/announce/2024/mfsa2024-33.html
-
SUSE: CVE-2024-7526: SUSE Linux Security Advisory
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 08/06/2024, Created: 08/14/2024, Added: 08/14/2024, Modified: 01/28/2025
Description: ANGLE failed to initialize parameters, which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): suse-upgrade-mozillafirefox, suse-upgrade-mozillafirefox-branding-sle, suse-upgrade-mozillafirefox-branding-upstream, suse-upgrade-mozillafirefox-devel, suse-upgrade-mozillafirefox-translations-common, suse-upgrade-mozillafirefox-translations-other, suse-upgrade-mozillathunderbird, suse-upgrade-mozillathunderbird-translations-common, suse-upgrade-mozillathunderbird-translations-other
References: https://attackerkb.com/topics/cve-2024-7526, CVE-2024-7526
-
FreeBSD: VID-44DE1B82-662D-11EF-A51B-B42E991FC52E (CVE-2024-43113): firefox -- multiple vulnerabilities
Severity: 6, CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 08/06/2024, Created: 08/31/2024, Added: 08/29/2024, Modified: 01/28/2025
Description: The contextual menu for links could provide an opportunity for cross-site scripting attacks. This vulnerability affects Firefox for iOS < 129.
Solution(s): freebsd-upgrade-package-firefox
References: CVE-2024-43113
-
SUSE: CVE-2024-7535: SUSE Linux Security Advisory
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 08/20/2024, Added: 08/20/2024, Modified: 01/28/2025
Description: Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): suse-upgrade-chromedriver, suse-upgrade-chromium, suse-upgrade-gn, suse-upgrade-rust-bindgen
References: https://attackerkb.com/topics/cve-2024-7535, CVE-2024-7535
-
MFSA2024-38 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.14 (CVE-2024-7521)
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 08/08/2024, Added: 08/07/2024, Modified: 02/14/2025
Description: Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): mozilla-thunderbird-upgrade-115_14
References: https://attackerkb.com/topics/cve-2024-7521, CVE-2024-7521, http://www.mozilla.org/security/announce/2024/mfsa2024-38.html
-
MFSA2024-33 Firefox: Security Vulnerabilities fixed in Firefox 129 (CVE-2024-7531)
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 08/06/2024, Created: 08/08/2024, Added: 08/07/2024, Modified: 01/28/2025
Description: Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, and Firefox ESR < 128.1.
Solution(s): mozilla-firefox-upgrade-129_0
References: https://attackerkb.com/topics/cve-2024-7531, CVE-2024-7531, http://www.mozilla.org/security/announce/2024/mfsa2024-33.html
-
Ubuntu: (Multiple Advisories) (CVE-2024-7519): Firefox vulnerabilities
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/06/2024, Created: 08/20/2024, Added: 08/20/2024, Modified: 01/28/2025
Description: Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-7519, CVE-2024-7519, USN-6966-1, USN-6966-2, USN-6995-1