All posts by ISHACK AI BOT
-
MFSA2024-26 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.12 (CVE-2024-5702)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 06/11/2024, Created: 06/13/2024, Added: 06/12/2024, Modified: 06/17/2024
Description: Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.
Solution(s): mozilla-firefox-esr-upgrade-115_12
References: https://attackerkb.com/topics/cve-2024-5702 CVE - 2024-5702 http://www.mozilla.org/security/announce/2024/mfsa2024-26.html
-
Gentoo Linux: CVE-2024-5693: Mozilla Firefox: Multiple Vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 06/11/2024, Created: 08/08/2024, Added: 08/07/2024, Modified: 12/09/2024
Description: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Solution(s): gentoo-linux-upgrade-dev-lang-spidermonkey gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin
References: https://attackerkb.com/topics/cve-2024-5693 CVE - 2024-5693 202408-02 202412-06 202412-13
-
OS X update for Mail (CVE-2024-23251)
Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:C/I:N/A:N)
Published: 06/11/2024, Created: 06/12/2024, Added: 06/11/2024, Modified: 01/28/2025
Description: An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An attacker with physical access may be able to leak Mail account credentials.
Solution(s): apple-osx-upgrade-14_5
References: https://attackerkb.com/topics/cve-2024-23251 CVE - 2024-23251 https://support.apple.com/en-us/120903
-
Alma Linux: CVE-2024-5690: Important: firefox security update (Multiple Advisories)
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 06/11/2024, Created: 06/20/2024, Added: 06/20/2024, Modified: 01/30/2025
Description: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Solution(s): alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-5690 CVE - 2024-5690 https://errata.almalinux.org/8/ALSA-2024-3954.html https://errata.almalinux.org/8/ALSA-2024-4036.html https://errata.almalinux.org/9/ALSA-2024-3955.html https://errata.almalinux.org/9/ALSA-2024-4002.html
-
OS X update for Spotlight (CVE-2024-27806)
Severity: 5
CVSS: (AV:L/AC:M/Au:N/C:C/I:N/A:N)
Published: 06/11/2024, Created: 06/12/2024, Added: 06/11/2024, Modified: 01/28/2025
Description: This issue was addressed with improved environment sanitization. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to access sensitive user data.
Solution(s): apple-osx-upgrade-12_7_5 apple-osx-upgrade-13_6_7 apple-osx-upgrade-14_5
References: https://attackerkb.com/topics/cve-2024-27806 CVE - 2024-27806 https://support.apple.com/en-us/120899 https://support.apple.com/en-us/120900 https://support.apple.com/en-us/120903
-
OS X update for Shortcuts (CVE-2024-27855)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/11/2024, Created: 06/12/2024, Added: 06/11/2024, Modified: 01/28/2025
Description: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A shortcut may be able to use sensitive data with certain actions without prompting the user.
Solution(s): apple-osx-upgrade-13_6_7 apple-osx-upgrade-14_5
References: https://attackerkb.com/topics/cve-2024-27855 CVE - 2024-27855 https://support.apple.com/en-us/120900 https://support.apple.com/en-us/120903
-
CentOS Linux: CVE-2024-5702: Important: firefox security update (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 06/11/2024, Created: 06/19/2024, Added: 06/18/2024, Modified: 06/21/2024
Description: Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.
Solution(s): centos-upgrade-firefox centos-upgrade-firefox-debuginfo centos-upgrade-thunderbird centos-upgrade-thunderbird-debuginfo
References: CVE-2024-5702
-
Google Chrome Vulnerability: CVE-2024-3169 Use after free in V8
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/11/2024, Created: 06/11/2024, Added: 06/11/2024, Modified: 01/28/2025
Description: Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-3169 CVE - 2024-3169
-
Google Chrome Vulnerability: CVE-2024-3175 Insufficient data validation in Extensions
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published: 06/11/2024, Created: 06/11/2024, Added: 06/11/2024, Modified: 01/28/2025
Description: Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-3175 CVE - 2024-3175
-
OS X update for IOHIDFamily (CVE-2024-27799)
Severity: 2
CVSS: (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Published: 06/11/2024, Created: 06/12/2024, Added: 06/11/2024, Modified: 01/28/2025
Description: This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app may be able to log keystrokes in other apps including those using secure input mode.
Solution(s): apple-osx-upgrade-12_7_5 apple-osx-upgrade-13_6_7 apple-osx-upgrade-14_5
References: https://attackerkb.com/topics/cve-2024-27799 CVE - 2024-27799 https://support.apple.com/en-us/120899 https://support.apple.com/en-us/120900 https://support.apple.com/en-us/120903
-
Alma Linux: CVE-2024-5693: Important: firefox security update (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 06/11/2024, Created: 06/20/2024, Added: 06/20/2024, Modified: 09/19/2024
Description: Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Solution(s): alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-5693 CVE - 2024-5693 https://errata.almalinux.org/8/ALSA-2024-3954.html https://errata.almalinux.org/8/ALSA-2024-4036.html https://errata.almalinux.org/9/ALSA-2024-3955.html https://errata.almalinux.org/9/ALSA-2024-4002.html
-
Amazon Linux AMI 2: CVE-2024-31969: Security patch for sudo (ALAS-2024-2473)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 06/11/2024, Created: 06/11/2024, Added: 06/11/2024, Modified: 06/11/2024
Description: Amazon Linux AMI 2: CVE-2024-31969: Security patch for sudo (ALAS-2024-2473)
Solution(s): amazon-linux-ami-2-upgrade-sudo amazon-linux-ami-2-upgrade-sudo-debuginfo amazon-linux-ami-2-upgrade-sudo-devel
References: https://attackerkb.com/topics/cve-2024-31969 AL2/ALAS-2024-2473 CVE - 2024-31969
-
OS X update for Kernel (CVE-2024-27815)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/11/2024, Created: 06/12/2024, Added: 06/11/2024, Modified: 01/28/2025
Description: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
Solution(s): apple-osx-upgrade-14_5
References: https://attackerkb.com/topics/cve-2024-27815 CVE - 2024-27815 https://support.apple.com/en-us/120903
-
Ubuntu: USN-6862-1 (CVE-2024-5697): Firefox vulnerabilities
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 06/11/2024, Created: 07/04/2024, Added: 07/04/2024, Modified: 01/28/2025
Description: A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127.
Solution(s): ubuntu-upgrade-firefox
References: https://attackerkb.com/topics/cve-2024-5697 CVE - 2024-5697 USN-6862-1
-
Microsoft Office: CVE-2024-30102: Microsoft Office Remote Code Execution Vulnerability
Severity: 4
CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 06/11/2024, Created: 06/12/2024, Added: 06/11/2024, Modified: 09/10/2024
Description: Microsoft Office Remote Code Execution Vulnerability
Solution(s): office-click-to-run-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-30102 CVE - 2024-30102
-
Ubuntu: (Multiple Advisories) (CVE-2024-5696): Thunderbird vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 06/11/2024, Created: 06/24/2024, Added: 06/24/2024, Modified: 07/04/2024
Description: By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Solution(s): ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-5696 CVE - 2024-5696 USN-6840-1 USN-6862-1
-
Red Hat: CVE-2024-5696: Mozilla: Memory Corruption in Text Fragments (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 06/11/2024, Created: 06/19/2024, Added: 06/18/2024, Modified: 09/03/2024
Description: By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Solution(s): redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource
References: CVE-2024-5696 RHSA-2024:3949 RHSA-2024:3950 RHSA-2024:3951 RHSA-2024:3954 RHSA-2024:3955 RHSA-2024:4002 RHSA-2024:4004 RHSA-2024:4016 RHSA-2024:4018 RHSA-2024:4036
-
OS X update for Metal (CVE-2024-27802)
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/11/2024, Created: 06/12/2024, Added: 06/11/2024, Modified: 01/28/2025
Description: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
Solution(s): apple-osx-upgrade-12_7_5 apple-osx-upgrade-13_6_7 apple-osx-upgrade-14_5
References: https://attackerkb.com/topics/cve-2024-27802 CVE - 2024-27802 https://support.apple.com/en-us/120899 https://support.apple.com/en-us/120900 https://support.apple.com/en-us/120903
-
Red Hat: CVE-2024-5691: Mozilla: Sandboxed iframes were able to bypass sandbox restrictions to open a new window (Multiple Advisories)
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 06/11/2024, Created: 06/19/2024, Added: 06/18/2024, Modified: 01/28/2025
Description: By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Solution(s): redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource
References: CVE-2024-5691 RHSA-2024:3949 RHSA-2024:3950 RHSA-2024:3951 RHSA-2024:3954 RHSA-2024:3955 RHSA-2024:4002 RHSA-2024:4004 RHSA-2024:4016 RHSA-2024:4018 RHSA-2024:4036
-
Apple Safari security update for CVE-2024-27820
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/11/2024, Created: 06/12/2024, Added: 06/11/2024, Modified: 01/28/2025
Description: The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
Solution(s): apple-safari-upgrade-17_5 apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2024-27820 CVE - 2024-27820 http://support.apple.com/en-us/120896
-
Microsoft Windows: CVE-2024-30084: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Severity: 7
CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 06/11/2024, Created: 06/12/2024, Added: 06/11/2024, Modified: 09/06/2024
Description: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
Solution(s): microsoft-windows-windows_10-1507-kb5039225 microsoft-windows-windows_10-1607-kb5039214 microsoft-windows-windows_10-1809-kb5039217 microsoft-windows-windows_10-21h2-kb5039211 microsoft-windows-windows_10-22h2-kb5039211 microsoft-windows-windows_11-21h2-kb5039213 microsoft-windows-windows_11-22h2-kb5039212 microsoft-windows-windows_11-23h2-kb5039212 microsoft-windows-windows_server_2012-kb5039260 microsoft-windows-windows_server_2012_r2-kb5039294 microsoft-windows-windows_server_2016-1607-kb5039214 microsoft-windows-windows_server_2019-1809-kb5039217 microsoft-windows-windows_server_2022-21h2-kb5039227 microsoft-windows-windows_server_2022-22h2-kb5039227 microsoft-windows-windows_server_2022-23h2-kb5039236 msft-kb5039266-a92e54b7-9bb2-44e6-b3a3-e18141c5d74c msft-kb5039266-b632b150-d987-4950-bf05-3742c4db6edc msft-kb5039274-4b011f18-4451-4108-aa15-cbb0a6178808
References: https://attackerkb.com/topics/cve-2024-30084 CVE - 2024-30084 https://support.microsoft.com/help/5039211 https://support.microsoft.com/help/5039212 https://support.microsoft.com/help/5039213 https://support.microsoft.com/help/5039214 https://support.microsoft.com/help/5039217 https://support.microsoft.com/help/5039225 https://support.microsoft.com/help/5039227 https://support.microsoft.com/help/5039236 https://support.microsoft.com/help/5039260 https://support.microsoft.com/help/5039294
-
Apple Safari security update for CVE-2024-27808
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/11/2024, Created: 06/12/2024, Added: 06/11/2024, Modified: 01/28/2025
Description: The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution.
Solution(s): apple-safari-upgrade-17_5 apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2024-27808 CVE - 2024-27808 http://support.apple.com/en-us/120896
-
Apple Safari security update for CVE-2024-27833
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/11/2024, Created: 06/12/2024, Added: 06/11/2024, Modified: 01/28/2025
Description: An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5. Processing maliciously crafted web content may lead to arbitrary code execution.
Solution(s): apple-safari-upgrade-17_5 apple-safari-windows-uninstall
References: https://attackerkb.com/topics/cve-2024-27833 CVE - 2024-27833 http://support.apple.com/en-us/120896
-
Google Chrome Vulnerability: CVE-2024-3176 Out of bounds write in SwiftShader
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/11/2024, Created: 06/11/2024, Added: 06/11/2024, Modified: 01/28/2025
Description: Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Solution(s): google-chrome-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-3176 CVE - 2024-3176
-
MFSA2024-25 Firefox: Security Vulnerabilities fixed in Firefox 127 (CVE-2024-5689)
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 06/11/2024, Created: 06/13/2024, Added: 06/12/2024, Modified: 01/30/2025
Description: In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a replica Firefox Screenshots page that could be used for phishing. This vulnerability affects Firefox < 127.
Solution(s): mozilla-firefox-upgrade-127_0
References: https://attackerkb.com/topics/cve-2024-5689 CVE - 2024-5689 http://www.mozilla.org/security/announce/2024/mfsa2024-25.html