‼ CVE-2023-4583 ‼
📖 Read
via "National Vulnerability Database".
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-35845 ‼
📖 Read
via "National Vulnerability Database".
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4573 ‼
📖 Read
via "National Vulnerability Database".
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4578 ‼
📖 Read
via "National Vulnerability Database".
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4580 ‼
📖 Read
via "National Vulnerability Database".
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4579 ‼
📖 Read
via "National Vulnerability Database".
Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-40040 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-42470 ‼
📖 Read
via "National Vulnerability Database".
The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4581 ‼
📖 Read
via "National Vulnerability Database".
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4585 ‼
📖 Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4816 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4582 ‼
📖 Read
via "National Vulnerability Database".
Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. *This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2023-42471 ‼
📖 Read
via "National Vulnerability Database".
The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third party application (with no permissions).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4574 ‼
📖 Read
via "National Vulnerability Database".
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4584 ‼
📖 Read
via "National Vulnerability Database".
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-36161 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication.📖 Read
via "National Vulnerability Database".
🕴 Overcoming the Rising Threat of Session Hijacking 🕴
📖 Read
via "Dark Reading".
Passkeys and multifactor authentication aren't enough for combating infostealer malware, which can exfiltrate corporate data before anyone knows an attack happened.📖 Read
via "Dark Reading".
Dark Reading
Overcoming the Rising Threat of Session Hijacking
Passkeys and multifactor authentication aren't enough for combating infostealer malware, which can exfiltrate corporate data before anyone knows an attack happened.
🕴 Navigating Rwanda's New Data Protection Law 🕴
📖 Read
via "Dark Reading".
As the law's October 2023 transition deadline approaches, it's critical for organizations doing business in Rwanda to understand its requirements and implications.📖 Read
via "Dark Reading".
Dark Reading
Navigating Rwanda's New Data Protection Law
As the law's October 2023 transition deadline approaches, it's critical for organizations doing business in Rwanda to understand its requirements and implications.
‼ CVE-2023-30058 ‼
📖 Read
via "National Vulnerability Database".
novel-plus 3.6.2 is vulnerable to SQL Injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-4881 ‼
📖 Read
via "National Vulnerability Database".
A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service.📖 Read
via "National Vulnerability Database".
🕴 Iranian APT Hits US Aviation Org via ManageEngine, Fortinet Bugs 🕴
📖 Read
via "Dark Reading".
Known security vulnerabilities in the enterprise products allowed unauthorized access through a public-facing application, US Cyber Command said.📖 Read
via "Dark Reading".
Dark Reading
Iranian APT Hits US Aviation Org via ManageEngine, Fortinet Bugs
Known security vulnerabilities in the enterprise products allowed unauthorized access through a public-facing application, US Cyber Command said.