All posts published by ISHACK AI BOT
-
Ubuntu: (Multiple Advisories) (CVE-2023-6213): Firefox vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 11/21/2023
Created: 11/25/2023
Added: 11/24/2023
Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120.
Solution(s): ubuntu-upgrade-firefox
References: https://attackerkb.com/topics/cve-2023-6213, CVE-2023-6213, USN-6509-1, USN-6509-2
-
Ubuntu: (Multiple Advisories) (CVE-2023-6204): Firefox vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 11/21/2023
Created: 11/25/2023
Added: 11/24/2023
Modified: 01/28/2025
Description: On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-6204, CVE-2023-6204, USN-6509-1, USN-6509-2, USN-6515-1
-
Ubuntu: (Multiple Advisories) (CVE-2023-6209): Firefox vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 11/21/2023
Created: 11/25/2023
Added: 11/24/2023
Modified: 01/30/2025
Description: Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-6209, CVE-2023-6209, USN-6509-1, USN-6509-2, USN-6515-1
-
F5 Networks: CVE-2023-45886: K000137315: ZebOS BGP vulnerability CVE-2023-45886
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 11/21/2023
Created: 01/10/2024
Added: 01/09/2024
Modified: 01/28/2025
Description: The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allows remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute.
Solution(s): f5-big-ip-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-45886, CVE-2023-45886, https://my.f5.com/manage/s/article/K000137315
-
Amazon Linux AMI 2: CVE-2023-6206: Security patch for firefox, thunderbird (Multiple Advisories)
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 11/21/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/28/2025
Description: The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2023-6206, AL2/ALAS-2024-2379, AL2/ALASFIREFOX-2024-019, CVE-2023-6206
-
Amazon Linux AMI 2: CVE-2023-6212: Security patch for firefox, thunderbird (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 11/21/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2023-6212, AL2/ALAS-2024-2379, AL2/ALASFIREFOX-2024-019, CVE-2023-6212
-
Amazon Linux AMI 2: CVE-2023-6204: Security patch for firefox, thunderbird (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 11/21/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/28/2025
Description: On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2023-6204, AL2/ALAS-2024-2379, AL2/ALASFIREFOX-2024-019, CVE-2023-6204
-
Amazon Linux AMI 2: CVE-2023-6209: Security patch for firefox, thunderbird (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 11/21/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/30/2025
Description: Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo, amazon-linux-ami-2-upgrade-thunderbird, amazon-linux-ami-2-upgrade-thunderbird-debuginfo
References: https://attackerkb.com/topics/cve-2023-6209, AL2/ALAS-2024-2379, AL2/ALASFIREFOX-2024-019, CVE-2023-6209
-
MFSA2023-49 Firefox: Security Vulnerabilities fixed in Firefox 120 (CVE-2023-6207)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 11/21/2023
Created: 11/23/2023
Added: 11/22/2023
Modified: 01/28/2025
Description: Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): mozilla-firefox-upgrade-120_0
References: https://attackerkb.com/topics/cve-2023-6207, CVE-2023-6207, http://www.mozilla.org/security/announce/2023/mfsa2023-49.html
-
MFSA2023-50 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.5.0 (CVE-2023-6205)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 11/21/2023
Created: 11/23/2023
Added: 11/22/2023
Modified: 01/28/2025
Description: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): mozilla-firefox-esr-upgrade-115_5
References: https://attackerkb.com/topics/cve-2023-6205, CVE-2023-6205, http://www.mozilla.org/security/announce/2023/mfsa2023-50.html
-
CentOS Linux: CVE-2023-6212: Important: thunderbird security update (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 11/21/2023
Created: 11/29/2023
Added: 11/28/2023
Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): centos-upgrade-firefox, centos-upgrade-firefox-debuginfo, centos-upgrade-thunderbird, centos-upgrade-thunderbird-debuginfo
References: CVE-2023-6212
-
Debian: CVE-2023-6212: firefox-esr, thunderbird -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 11/21/2023
Created: 11/28/2023
Added: 11/27/2023
Modified: 01/28/2025
Description: Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-6212, CVE-2023-6212, DLA-3661-1, DSA-5561-1
-
Debian: CVE-2023-6205: firefox-esr, thunderbird -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 11/21/2023
Created: 11/28/2023
Added: 11/27/2023
Modified: 01/28/2025
Description: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-6205, CVE-2023-6205, DLA-3661-1, DSA-5561-1
-
Gentoo Linux: CVE-2023-6207: Mozilla Thunderbird: Multiple Vulnerabilities
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 11/21/2023
Created: 02/22/2024
Added: 02/21/2024
Modified: 01/28/2025
Description: Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): gentoo-linux-upgrade-mail-client-thunderbird, gentoo-linux-upgrade-mail-client-thunderbird-bin
References: https://attackerkb.com/topics/cve-2023-6207, CVE-2023-6207, 202402-25
-
Rocky Linux: CVE-2023-6209: thunderbird (RLSA-2023-7500)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 11/21/2023
Created: 03/07/2024
Added: 08/15/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Gentoo Linux: CVE-2023-6205: Mozilla Thunderbird: Multiple Vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 11/21/2023
Created: 02/22/2024
Added: 02/21/2024
Modified: 01/28/2025
Description: It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): gentoo-linux-upgrade-mail-client-thunderbird, gentoo-linux-upgrade-mail-client-thunderbird-bin
References: https://attackerkb.com/topics/cve-2023-6205, CVE-2023-6205, 202402-25
-
Rocky Linux: CVE-2023-6206: thunderbird (RLSA-2023-7500)
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 11/21/2023
Created: 03/07/2024
Added: 08/15/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
Red Hat: CVE-2023-6207: Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (Multiple Advisories)
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 11/21/2023
Created: 11/29/2023
Added: 11/28/2023
Modified: 01/28/2025
Description: Ownership mismanagement led to a use-after-free in ReadableByteStreams. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource
References: CVE-2023-6207, RHSA-2023:7499, RHSA-2023:7500, RHSA-2023:7501, RHSA-2023:7503, RHSA-2023:7504, RHSA-2023:7505, RHSA-2023:7506, RHSA-2023:7507, RHSA-2023:7508, RHSA-2023:7509, RHSA-2023:7510, RHSA-2023:7511, RHSA-2023:7512, RHSA-2023:7577
-
Red Hat: CVE-2023-6204: Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 11/21/2023
Created: 11/29/2023
Added: 11/28/2023
Modified: 01/28/2025
Description: On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource
References: CVE-2023-6204, RHSA-2023:7499, RHSA-2023:7500, RHSA-2023:7501, RHSA-2023:7503, RHSA-2023:7504, RHSA-2023:7505, RHSA-2023:7506, RHSA-2023:7507, RHSA-2023:7508, RHSA-2023:7509, RHSA-2023:7510, RHSA-2023:7511, RHSA-2023:7512, RHSA-2023:7577
-
MFSA2023-52 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.5 (CVE-2023-6209)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 11/21/2023
Created: 11/23/2023
Added: 11/22/2023
Modified: 01/30/2025
Description: Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): mozilla-thunderbird-upgrade-115_5
References: https://attackerkb.com/topics/cve-2023-6209, CVE-2023-6209, http://www.mozilla.org/security/announce/2023/mfsa2023-52.html
-
Alma Linux: CVE-2023-6204: Important: thunderbird security update (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 11/21/2023
Created: 12/05/2023
Added: 12/04/2023
Modified: 01/28/2025
Description: On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): alma-upgrade-firefox, alma-upgrade-firefox-x11, alma-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-6204, CVE-2023-6204, https://errata.almalinux.org/8/ALSA-2023-7500.html, https://errata.almalinux.org/8/ALSA-2023-7508.html, https://errata.almalinux.org/9/ALSA-2023-7501.html, https://errata.almalinux.org/9/ALSA-2023-7507.html
-
Red Hat: CVE-2023-6209: Mozilla: Incorrect parsing of relative URLs starting with "///" (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 11/21/2023
Created: 11/29/2023
Added: 11/28/2023
Modified: 01/30/2025
Description: Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource
References: CVE-2023-6209, RHSA-2023:7499, RHSA-2023:7500, RHSA-2023:7501, RHSA-2023:7503, RHSA-2023:7504, RHSA-2023:7505, RHSA-2023:7506, RHSA-2023:7507, RHSA-2023:7508, RHSA-2023:7509, RHSA-2023:7510, RHSA-2023:7511, RHSA-2023:7512, RHSA-2023:7577
-
ownCloud Phpinfo Reader
Disclosed: 11/21/2023
Created: 12/05/2023
Description: Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app `graph` installed contain a test file which prints `phpinfo()` to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker may export sensitive environment variables including ownCloud, DB, redis, SMTP, and S3 credentials, as well as other host information.
Author(s): h00die, creacitysec, Ron Bowes, random-robbie, Christian Fischer
-
Alma Linux: CVE-2023-6209: Important: thunderbird security update (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 11/21/2023
Created: 12/05/2023
Added: 12/04/2023
Modified: 01/30/2025
Description: Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): alma-upgrade-firefox, alma-upgrade-firefox-x11, alma-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2023-6209, CVE-2023-6209, https://errata.almalinux.org/8/ALSA-2023-7500.html, https://errata.almalinux.org/8/ALSA-2023-7508.html, https://errata.almalinux.org/9/ALSA-2023-7501.html, https://errata.almalinux.org/9/ALSA-2023-7507.html
-
Red Hat: CVE-2023-6206: Mozilla: Clickjacking permission prompts using the fullscreen transition (Multiple Advisories)
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 11/21/2023
Created: 11/29/2023
Added: 11/28/2023
Modified: 01/28/2025
Description: The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource
References: CVE-2023-6206, RHSA-2023:7499, RHSA-2023:7500, RHSA-2023:7501, RHSA-2023:7503, RHSA-2023:7504, RHSA-2023:7505, RHSA-2023:7506, RHSA-2023:7507, RHSA-2023:7508, RHSA-2023:7509, RHSA-2023:7510, RHSA-2023:7511, RHSA-2023:7512, RHSA-2023:7577