Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-46885: Security Vulnerabilities fixed in Firefox 106

Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106.

CVE
#vulnerability#web#google#dos#js#firefox

Mozilla Foundation Security Advisory 2022-44

Announced

October 18, 2022

Impact

high

Products

Firefox

Fixed in

  • Firefox 106

This advisory was updated December 13, 2022 to add CVE-2022-46881 and CVE-2022-46885. Both fixes were included in the original release of Firefox 106, but did not appear in the advisory published at that time.

#CVE-2022-42927: Same-origin policy violation could have leaked cross-origin URLs

Reporter

James Lee

Impact

high

Description

A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries().

References

  • Bug 1789128

#CVE-2022-42928: Memory Corruption in JS Engine

Reporter

Samuel Groß and Carl Smith of Google V8 Security

Impact

high

Description

Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash.

References

  • Bug 1791520

#CVE-2022-46881: Memory corruption in WebGL

Reporter

Karl and an Anonymous ASAN Nightly User

Impact

high

Description

An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash.
Note: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106.

References

  • Bug 1770930

#CVE-2022-42929: Denial of Service via window.print

Reporter

Andrei Enache

Impact

moderate

Description

If a website called window.print() in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user’s session restore settings.

References

  • Bug 1789439

#CVE-2022-42930: Race condition in DOM Workers

Reporter

Armin Ebert

Impact

moderate

Description

If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the ThirdPartyUtil component.

References

  • Bug 1789503

#CVE-2022-42931: Username saved to a plaintext file on disk

Reporter

Sergey Galich

Impact

low

Description

Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk.

References

  • Bug 1780571

#CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4

Reporter

Mozilla developers and community

Impact

moderate

Description

Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

  • Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4

#CVE-2022-46885: Memory safety bugs fixed in Firefox 106

Reporter

Mozilla developers

Impact

moderate

Description

Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

  • Memory safety bugs fixed in Firefox 106

Related news

Ubuntu Security Notice USN-5824-1

Ubuntu Security Notice 5824-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.

CVE-2022-42932: Bug List

Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106.

Debian Security Advisory 5303-1

Debian Linux Security Advisory 5303-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.

Red Hat Security Advisory 2022-9076-01

Red Hat Security Advisory 2022-9076-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9070-01

Red Hat Security Advisory 2022-9070-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9078-01

Red Hat Security Advisory 2022-9078-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9079-01

Red Hat Security Advisory 2022-9079-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2022-9065-01

Red Hat Security Advisory 2022-9065-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.6.0 ESR. Issues addressed include a use-after-free vulnerability.

RHSA-2022:9078: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been tr...

RHSA-2022:9080: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious exten...

RHSA-2022:9076: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45414: Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content * CVE-2022-46872: Mozi...

RHSA-2022:9065: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46872: Mozilla: Arbitrary file read from a compromised content process * CVE-2022-46874: Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions * CVE-2022-46878: Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 * CVE-2022-46880: Mozilla: Use-after-free in WebGL * CVE-2022-46881: Mozilla: Memory...

Ubuntu Security Notice USN-5709-2

Ubuntu Security Notice 5709-2 - USN-5709-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox saved usernames to a plaintext file. A local user could potentially exploit this to obtain sensitive information.

Ubuntu Security Notice USN-5709-2

Ubuntu Security Notice 5709-2 - USN-5709-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox saved usernames to a plaintext file. A local user could potentially exploit this to obtain sensitive information.

Ubuntu Security Notice USN-5709-1

Ubuntu Security Notice 5709-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox saved usernames to a plaintext file. A local user could potentially exploit this to obtain sensitive information.

Ubuntu Security Notice USN-5709-1

Ubuntu Security Notice 5709-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox saved usernames to a plaintext file. A local user could potentially exploit this to obtain sensitive information.

Ubuntu Security Notice USN-5709-1

Ubuntu Security Notice 5709-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox saved usernames to a plaintext file. A local user could potentially exploit this to obtain sensitive information.

Gentoo Linux Security Advisory 202210-34

Gentoo Linux Security Advisory 202210-34 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.4.0:esr are affected.

Gentoo Linux Security Advisory 202210-34

Gentoo Linux Security Advisory 202210-34 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.4.0:esr are affected.

Gentoo Linux Security Advisory 202210-34

Gentoo Linux Security Advisory 202210-34 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.4.0:esr are affected.

Gentoo Linux Security Advisory 202210-34

Gentoo Linux Security Advisory 202210-34 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.4.0:esr are affected.

Gentoo Linux Security Advisory 202210-34

Gentoo Linux Security Advisory 202210-34 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.4.0:esr are affected.

Debian Security Advisory 5262-1

Debian Linux Security Advisory 5262-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5262-1

Debian Linux Security Advisory 5262-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5262-1

Debian Linux Security Advisory 5262-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5262-1

Debian Linux Security Advisory 5262-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Red Hat Security Advisory 2022-7183-01

Red Hat Security Advisory 2022-7183-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7183-01

Red Hat Security Advisory 2022-7183-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7183-01

Red Hat Security Advisory 2022-7183-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7183-01

Red Hat Security Advisory 2022-7183-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7178-01

Red Hat Security Advisory 2022-7178-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7178-01

Red Hat Security Advisory 2022-7178-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7178-01

Red Hat Security Advisory 2022-7178-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7190-01

Red Hat Security Advisory 2022-7190-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7190-01

Red Hat Security Advisory 2022-7190-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7190-01

Red Hat Security Advisory 2022-7190-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7190-01

Red Hat Security Advisory 2022-7190-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.4.0. Issues addressed include a denial of service vulnerability.

RHSA-2022:7184: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-39236: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue * CVE-2022-39249: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators * CVE-2022-39250: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack * CVE-2022-39251: ...

RHSA-2022:7184: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-39236: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue * CVE-2022-39249: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators * CVE-2022-39250: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack * CVE-2022-39251: ...

RHSA-2022:7184: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-39236: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue * CVE-2022-39249: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators * CVE-2022-39250: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack * CVE-2022-39251: ...

RHSA-2022:7184: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-39236: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a data corruption issue * CVE-2022-39249: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to an impersonation attack by malicious server administrators * CVE-2022-39250: Mozilla: Matrix SDK bundled with Thunderbird vulnerable to a device verification attack * CVE-2022-39251: ...

Red Hat Security Advisory 2022-7070-01

Red Hat Security Advisory 2022-7070-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7070-01

Red Hat Security Advisory 2022-7070-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7070-01

Red Hat Security Advisory 2022-7070-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7071-01

Red Hat Security Advisory 2022-7071-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7071-01

Red Hat Security Advisory 2022-7071-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7071-01

Red Hat Security Advisory 2022-7071-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7071-01

Red Hat Security Advisory 2022-7071-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7069-01

Red Hat Security Advisory 2022-7069-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7066-01

Red Hat Security Advisory 2022-7066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7066-01

Red Hat Security Advisory 2022-7066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7066-01

Red Hat Security Advisory 2022-7066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-7066-01

Red Hat Security Advisory 2022-7066-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.4.0 ESR. Issues addressed include a denial of service vulnerability.

RHSA-2022:7070: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42927: Mozilla: Same-origin policy violation could have leaked cross-origin URLs * CVE-2022-42928: Mozilla: Memory Corruption in JS Engine * CVE-2022-42929: Mozilla: Denial of Service via window.print * CVE-2022-42932: Mozilla: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4

RHSA-2022:7066: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42927: Mozilla: Same-origin policy violation could have leaked cross-origin URLs * CVE-2022-42928: Mozilla: Memory Corruption in JS Engine * CVE-2022-42929: Mozilla: Denial of Service via window.print * CVE-2022-42932: Mozilla: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4

RHSA-2022:7066: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42927: Mozilla: Same-origin policy violation could have leaked cross-origin URLs * CVE-2022-42928: Mozilla: Memory Corruption in JS Engine * CVE-2022-42929: Mozilla: Denial of Service via window.print * CVE-2022-42932: Mozilla: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4

RHSA-2022:7066: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42927: Mozilla: Same-origin policy violation could have leaked cross-origin URLs * CVE-2022-42928: Mozilla: Memory Corruption in JS Engine * CVE-2022-42929: Mozilla: Denial of Service via window.print * CVE-2022-42932: Mozilla: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4

RHSA-2022:7066: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-42927: Mozilla: Same-origin policy violation could have leaked cross-origin URLs * CVE-2022-42928: Mozilla: Memory Corruption in JS Engine * CVE-2022-42929: Mozilla: Denial of Service via window.print * CVE-2022-42932: Mozilla: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907