Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2021:4605: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.3.0 ESR. Security Fix(es):

  • Mozilla: Use-after-free in HTTP2 Session object
  • Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3
  • Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503)
  • Mozilla: Use-after-free in file picker dialog (CVE-2021-38504)
  • Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506)
  • Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports (CVE-2021-38507)
  • Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing (CVE-2021-38508)
  • Mozilla: Javascript alert box could have been spoofed onto an arbitrary domain (CVE-2021-38509) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
  • CVE-2021-38503: Mozilla: iframe sandbox rules did not apply to XSLT stylesheets
  • CVE-2021-38504: Mozilla: Use-after-free in file picker dialog
  • CVE-2021-38506: Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning
  • CVE-2021-38507: Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports
  • CVE-2021-38508: Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing
  • CVE-2021-38509: Mozilla: Javascript alert box could have been spoofed onto an arbitrary domain
Red Hat Security Data
#vulnerability#web#linux#red_hat#java

Related news

RHSA-2021:4598: Red Hat Security Advisory: annobin security update

An update for annobin is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the Reference...

RHSA-2021:4607: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.3.0 ESR. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503) * Mozilla: Use-after-free in file picker dialog (CVE-2021-38504) * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506) * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypas...

RHSA-2021:4591: Red Hat Security Advisory: gcc-toolset-11-annobin security update

An update for gcc-toolset-11-annobin is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. ...

RHSA-2021:4592: Red Hat Security Advisory: gcc-toolset-10-annobin security update

An update for gcc-toolset-10-annobin is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. ...

RHSA-2021:4593: Red Hat Security Advisory: annobin security update

An update for annobin is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs: *...

RHSA-2021:4600: Red Hat Security Advisory: annobin security update

An update for annobin is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the Reference...

RHSA-2021:4589: Red Hat Security Advisory: gcc-toolset-10-annobin security update

An update for gcc-toolset-10-annobin is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed i...

RHSA-2021:4599: Red Hat Security Advisory: annobin security update

An update for annobin is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Annobin provides a compiler plugin to annotate and tools to examine compiled binary files. Security Fix(es): * Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574) The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters: This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the Reference...

RHSA-2021:4134: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503) * Mozilla: Use-after-free in file picker dialog (CVE-2021-38504) * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506) * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports (CVE-2021-38...

RHSA-2021:4130: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503) * Mozilla: Use-after-free in file picker dialog (CVE-2021-38504) * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506) * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports (CVE-2021-38...

RHSA-2021:4132: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503) * Mozilla: Use-after-free in file picker dialog (CVE-2021-38504) * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506) * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted o...

RHSA-2021:4133: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.3.0. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503) * Mozilla: Use-after-free in file picker dialog (CVE-2021-38504) * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506) * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted o...

RHSA-2021:4123: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.3.0 ESR. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503) * Mozilla: Use-after-free in file picker dialog (CVE-2021-38504) * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506) * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy o...

RHSA-2021:4116: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.3.0 ESR. Security Fix(es): * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503) * Mozilla: Use-after-free in file picker dialog (CVE-2021-38504) * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506) * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy o...