#firefox

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.

Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp.

Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file.

By Asheer Malhotra and Vitor Ventura. Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework. The implants for the new malware family are written in the Rust language for Windows and Linux. A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors. We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints. We have observed the same threat actor using the Cobalt Strike beac...

PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.

"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools.

Red Hat Security Advisory 2022-5770-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.12.0. Issues addressed include a spoofing vulnerability.

NanoCMS version 0.4 suffers from an authenticated remote code execution vulnerability.

Red Hat Security Advisory 2022-5767-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.12.0 ESR. Issues addressed include a spoofing vulnerability.

WordPress SeatReg plugin version 1.23.0 suffers from an open redirection vulnerability.