A dangling pointer vulnerability is present in WebRTC's PacketRouter due to an SDP SIM group SSRC from one track (e.g., video) colliding with an existing SSRC from a different track (e.g., audio). This inconsistency between the send_modules_map_ and the send_modules_list_ can lead to a use after free.

WebRTC PacketRouter Dangling Entry

m-privacy TightGate-Pro suffers from code execution, insecure permissions, deletion mitigation, and outdated server vulnerabilities.

SEC Consult Vulnerability Lab Security Advisory < 20231122-0 >  
=======================================================================  
               title: Multiple Vulnerabilities  
             product: m-privacy TightGate-Pro  
  vulnerable version: Rolling Release, servers with the following package  
                      versions are vulnerable:  
                      tightgatevnc < 4.1.2~1  
                      rsbac-policy-tgpro < 2.0.159  
                      mprivacy-tools < 2.0.406g  
       fixed version: Servers with the following package versions and higher:  
                      mprivacy-tools_2.0.406g  
                      tightgatevnc_4.1.2~1  
                      rsbac-policy-tgpro_2.0.159  
          CVE number: CVE-2023-47250, CVE-2023-47251  
              impact: high  
            homepage: https://www.m-privacy.de/en/tightgate-pro-safe-surfing/  
               found: 2023-08-18  
                  by: Daniel Hirschberger (Office Bochum)  
                      Steven Kurka (Office Essen)  
                      Marco Schillinger (Office Nürnberg)  
                      SEC Consult Vulnerability Lab

                      An integrated part of SEC Consult, an Eviden business  
                      Europe | Asia

                      https://www.sec-consult.com

=======================================================================

Vendor description:  
-------------------  
"TightGate-Pro is a ReCoB system. ReCoBS stands for Remote-Controlled Browser  
System, literally translated 'remote-controlled web browser'. TightGate-Pro  
physically separates the web browser execution environment from the workstation.  
The system thus shields the internal network from the Internet and reliably  
and preventively prevents attacks via the web browser. TightGate-Pro is the  
strongest dedicated ReCoBS, because only physical outsourcing on a hardened  
system permanently withstands attacks. Local virtualisations, sandboxing  
systems or micro-virtualisations do not offer effective protection.  
TightGate-Pro is used in public authorities, financial institutions, industrial  
companies and critical infrastructures – in short, everywhere where “safe  
surfing on the Internet” is indispensable at the workplace and internal  
infrastructures must be reliably protected. TightGate-Pro is BSI-certified  
according to EAL3+."

Source: https://www.m-privacy.de/en/tightgate-pro-safe-surfing/

Business recommendation:  
------------------------  
The vendor provides a patch which should be installed immediately.

SEC Consult highly recommends to perform a thorough security review of the product  
conducted by security professionals to identify and resolve potential further  
security issues.

Vulnerability overview/description:  
-----------------------------------  
1) Code Execution  
Execution of single commands and scripts is possible with the privileges of  
the current user. Code execution is possible with any file type on the  
server and no specific permissions need to be set for the utilized file.

Vendor response (translated):  
"It is intended behavior to execute arbitrary bash scripts. It is not possible  
to execute arbitrary programs and libraries. There is no privilege escalation  
possible with this vulnerability."

We can confirm that it was not possible to escalate privileges during our test.

2) Access to all Desktops (CVE-2023-47250)  
Multiple users are connecting to the same TightGate-Pro server, resulting in  
one instance of the X11 window system. Due to insecure permissions of the  
X11 sockets it is possible for any user to open arbitrary windows on the  
desktop of other users for phishing attacks or installing a keylogger  
directly.

Vendor response (translated):  
"We acknowledge this issue as a important vulnerability. A fix with full  
RSBAC-Jail-Separation and changed Linux-Filesystem permissions is currently  
available in the "Prestable" packages:  
- mprivacy-tools_2.0.406g  
- tightgatevnc_4.1.2~1  
- rsbac-policy-tgpro_2.0.159  
These can be applied by the admin user "update". The updates will be provided  
automatically as Hotfix around 2023-10-24."

3) File Transfer by Abusing the Print function (CVE-2023-47251)  
TightGate-Pro allows printing PDF documents on the host system. Documents are  
transferred to the host, printed and deleted afterwards. An attacker is able  
to control the path of the transferred file and to prevent the automatic  
deletion of the file.

Vendor response (translated):  
"This is not a severe finding but we already fixed it. The fixes are available  
in the packages:  
- mprivacy-tools_2.0.406g  
- tightgatevnc_4.1.2~1

Now the .spool directly is always scanned for malicious data and the VNC- client  
does not transfer files which contain path symbols (e.g. ../)."

4) Outdated Update Server  
Based on disclosed version numbers the update server is running outdated software  
with known vulnerabilities. The criticality of this issue depends on the  
exploitability of these issues.

Vendor response (translated):  
"The old version of thttpd is already known. This is not seen as security-relevant.  
The access to the updateserver requires a previous registration of a customer-  
provided SSH key, which is only available to administrators on the TightGate-Pro  
instance. thttpd is isolated on the updateserver and can only *read* files.

Even if an attacker can write malicious updatepackages, these are still secured  
by a cryptographic signature and would not be installed on TightGate-Pro instances.  
We will eventually replace thttpd with lighthttpd which is still supported."

Proof of concept:  
-----------------  
1) Code Execution  
Code execution is possible using the context menu of any file in the VNC session  
of TightGate-Pro. Selecting "Öffnen mit" (Open with) in the context menu of any  
file and  selecting the "Benutzerdefinierte Befehlszeile" (custom commandline)  
section of the menu allows to provide a custom shell command to be executed:

[advisory_ce_open_with.png]  
[advisory_ce_custom_command.png]

At this point there are two possible options:  
In case the selected file is a bash script typing `/bin/bash` as custom command  
will execute the script. For this PoC the following script has been used:

```  
#!bin/bash  
echo poc >> /home/user/testuser/Desktop/test/PoC2.txt  
```

In case any other file is selected a complete command can be used as well.  
A possible example is listed below:  
`/bin/bash -c "echo poc >> /home/user/testuser/Desktop/test/PoC2.txt"`

According to vendor, arbitrary code execution is not possible as programs and  
libraries won't be executed.

2) Access to all Desktops (CVE-2023-47250)  
A normal user without special permissions has read and write access to all X11  
sockets stored in the temp folder of the user TightGate-Pro, visible in the  
following screenshot:

[advisory_desktop_access_x11_perms.png]

This allows any user for example to open dialogue boxes on the desktop of the  
currently connected users as shown in the following screenshots. The command  
used is listed below.

`/bin/bash -c 'for i in $(ls /home/tmpdir/tmp510/.X11-unix | cut -b 2-); do  
DISPLAY=unix:"$i".0 zenity --password --username & done;'`

[advisory_desktop_access_gui_triggered.png]

As it can be seen in the following screenshot any input to the dialogue boxes  
can be read by the attacker.

[advisory_desktop_access_result.png]

3) File Transfer by Abusing the Print function (CVE-2023-47251)  
File transfers can be triggered for PDF files which are stored in the  
`/home/user/.spool/<username>` directory. By setting a relative path as file  
name, the file can be stored in any user directory on the host system.  
In case the file name contains Unicode characters, deletion of the file is  
not executed after transfer and closing of the print prompt. To store a file  
on the user's desktop, the name `..\\..\\..\\..\\..\\Desktop\\Ỻeicar.pdf`  
can be used. The transfer can then be triggered by sending the  
signal `SIGUSR2` to the `Xtightgatevnc` process:

```  
cp eicar.pdf '/home/user/.spool/<username>/..\\..\\..\\..\\..\\Desktop\\Ỻeicar.pdf'  
pkill -u $USER --signal SIGUSR2 Xtightgatevnc  
```

In addition, this file transfer does not check if any malicious files are  
transferred to the host system. The following screenshot shows the warning of  
a malware scanner after an eicar testfile was transferred. It is therefore  
possible to circumvent the malware scanner of TightGate-Pro which only runs  
if the intended way of transfer, namely the TightGate-Schleuse, is used.

[advisory_file_transfer_mal_file.png]

4) Outdated Update Server  
Access to the update server is possible with the ssh key stored at  
`/etc/cu/id_ed25519` and ssh port forwarding. The ssh key is customized  
for each customer. Root access is needed to retrieve the key.  
The command used for the forwarding is listed below:

```  
ssh -N -L 8000:localhost:85 tgpro13@update.m-privacy.de -i id_ed25519 -v  
```

Afterwards access is possible at `http:127.0.0.1:8000`.  
The server headers return the version of the webserver:  
`thttpd/2.25b 29dec2003`

[advisory_outdated_server.png]

This version has in sum four known vulnerabilities (high and medium) listed:  
* CVE-2006-1078  
* CVE-2006-1079  
* CVE-2007-0664  
* CVE-2009-4491

Vulnerable / tested versions:  
-----------------------------  
A TightGate-Pro server with the following package versions was used  
for testing:

* tightgatevnc < 4.1.2~1  
* rsbac-policy-tgpro < 2.0.159  
* mprivacy-tools < 2.0.406g

Vendor contact timeline:  
------------------------  
2023-10-11: Contacting vendor through info@m-privacy.de via GPG  
2023-10-13: CEO of m-privacy phones us and thanks us for the advisory,  
             a developer will send us a written statement next week.  
2023-10-16: Received a written statement of their lead developer;  
             the vulnerabilities #2 (Access to all Desktops) and  
             #3 (File Transfer by Abusing the Print function) are  
             confirmed and a fix is available  
             #1 is seen as a feature not a bug, #4 is claimed to be  
             prevented by hardening measures on the server, also  
             thttpd will be replaced by lighthttpd in the future.  
2023-10-24: We ask for some clarifications regarding software  
             versions and advisory publication date.  
2023-10-29: Vendor provides software version information and asks us  
             to publish the advisory after 2023-11-06.  
2023-11-22: Public release of security advisory.

Solution:  
---------  
Install the "Prestable" packages or wait until they are available as hotfix:  
* mprivacy-tools_2.0.406g  
* tightgatevnc_4.1.2~1  
* rsbac-policy-tgpro_2.0.159

Workaround:  
-----------  
None

Advisory URL:  
-------------  
https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab  
An integrated part of SEC Consult, an Eviden business  
Europe | Asia

About SEC Consult Vulnerability Lab  
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an  
Eviden business. It ensures the continued knowledge gain of SEC Consult in the  
field of network and application security to stay ahead of the attacker. The  
SEC Consult Vulnerability Lab supports high-quality penetration testing and  
the evaluation of new offensive and defensive technologies for our customers.  
Hence our customers obtain the most current information about vulnerabilities  
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Interested to work with the experts of SEC Consult?  
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?  
Contact our local offices https://sec-consult.com/contact/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com  
Web: https://www.sec-consult.com  
Blog: https://blog.sec-consult.com  
Twitter: https://twitter.com/sec_consult

EOF Daniel Hirschberger, Steven Kurka, Marco Schillinger / @2023

m-privacy TightGate-Pro Code Execution / Insecure Permissions

A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data.

Skip to content

Sign up

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    Explore
    
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   For
    
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    By Solution
    
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    Resources
    
    *   Learning Pathways
    *   White papers, Ebooks, Webinars
    *   Customer Stories
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    Repositories
    
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

**Saved searches****Use saved searches to filter your results more quickly**

Sign in

Sign up

horsicq / **XMachOViewer** Public

*   Notifications
*   Fork 50
*   Star 635
    

XMachOViewer is a Mach-O viewer for Windows, Linux and MacOS

ntinfo.biz

**License**

MIT license

635 stars 50 forks Activity

Star

Notifications

*   Code
*   Issues 2
*   Pull requests
*   Discussions
*   Actions
*   Projects
*   Security
*   Insights

Additional navigation options

master

Switch branches/tags

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**1** branch **5** tags

Code

*   Clone
    
    Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

**Git stats**

*   **12,688** commits

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

.github

Create docker-image.yml

May 24, 2021 11:42

Controls @ bde01e3

Update module: Controls 2023-11-28

November 28, 2023 00:21

Detect-It-Easy @ 361698e

Update module: Detect-It-Easy 2023-11-28

November 28, 2023 00:23

FormatDialogs @ de15ef2

Update module: FormatDialogs 2023-11-27

November 27, 2023 01:47

FormatWidgets @ e36380f

Update module: FormatWidgets 2023-11-28

November 28, 2023 00:22

Formats @ c3ce687

Update module: Formats 2023-11-28

November 28, 2023 00:22

LINUX

Fix: 2022-08-08

August 8, 2022 18:47

SpecAbstract @ 9282c42

Fix: 2023-10-04

October 4, 2023 19:31

StaticScan @ 723090f

Fix: 2023-05-23

May 23, 2023 20:34

XAboutWidget @ 8cc8adb

Fix: 2023-09-05

September 5, 2023 00:12

XArchive @ 6d85719

Update module: XArchive 2023-11-12

November 12, 2023 16:19

XCapstone @ 8c16344

Update module: XCapstone 2023-11-28

November 28, 2023 00:22

XCppfilt @ d9c2be9

Update module: XCppfilt 2023-10-18

October 18, 2023 18:34

XDEX @ 71db4b8

Fix: 2023-07-31

July 31, 2023 19:05

XDataConvertorWidget @ a776bd1

Update module: XDataConvertorWidget 2023-11-28

November 28, 2023 03:49

XDecompiler @ 3391a28

Fix: 2023-08-21

August 21, 2023 18:48

XDemangle @ c8c3172

Update module: XDemangle 2023-11-24

November 24, 2023 00:25

XDemangleWidget @ af0d823

Fix: 2023-09-29

September 29, 2023 17:36

XDisasm @ 7767f42

Fix: 2023-04-10

April 10, 2023 01:26

XDisasmView @ b81ac59

Update module: XDisasmView 2023-11-28

November 28, 2023 00:22

XDynStructs @ d67af94

Fix: 2023-03-11

March 11, 2023 22:35

XDynStructsEngine @ f90de40

Fix: 2023-03-13

March 13, 2023 05:40

XDynStructsWidget @ 2243d2a

Fix: 2023-09-11

September 11, 2023 00:08

XEntropyWidget @ 57dc917

Fix: 2023-09-25

September 25, 2023 19:09

XExtractor @ 040530e

Fix: 2023-08-04

August 4, 2023 00:19

XExtractorWidget @ 989bda3

Fix: 2023-09-25

September 25, 2023 18:34

XFileInfo @ e1535c6

Fix: 2023-09-25

September 25, 2023 18:47

XGithub @ e66b9dc

Fix: 2023-03-15

March 15, 2023 06:09

XHashWidget @ 86c77b4

Fix: 2023-09-25

September 25, 2023 19:12

XHexEdit @ 04d9067

Fix: 2023-07-27

July 27, 2023 00:30

XHexView @ 9a4b88a

Update module: XHexView 2023-11-28

November 28, 2023 00:22

XInfoDB @ df88dd6

Update module: XInfoDB 2023-11-28

November 28, 2023 00:22

XLLVMDemangler @ 9f9ca2e

Fix: 2023-03-11

March 11, 2023 23:13

XMemoryMapWidget @ ce52b89

Update module: XMemoryMapWidget 2023-11-10

November 10, 2023 00:21

XOnlineTools @ 834247c

Fix: 2023-09-25

September 25, 2023 18:44

XOptions @ 4a25fe9

Update module: XOptions 2023-11-28

November 28, 2023 00:22

XPDF @ 74f8435

Fix: 2023-08-11

August 11, 2023 00:39

XQwt @ 0a1a424

Fix: 2023-07-08

July 8, 2023 00:45

XShortcuts @ 5dc4922

Update module: XShortcuts 2023-11-25

November 25, 2023 12:11

XStyles @ 62e634b

Fix: 2023-10-02

October 2, 2023 16:22

XSymbolsWidget @ d8fe2aa

Fix: 2023-09-05

September 5, 2023 00:15

XTranslation @ a16af1d

Update module: XTranslation 2023-11-20

November 20, 2023 00:21

XUpdate @ 5c69107

Fix: 2023-04-10

April 10, 2023 21:46

XVisualizationWidget @ 1d78c38

Fix: 2023-09-25

September 25, 2023 18:38

XYara @ cb9b124

Update module: XYara 2023-10-23

October 23, 2023 18:32

archive\_widget @ 289ba6b

Fix: 2023-09-07

September 7, 2023 14:32

build\_libs

Fix: 2023-05-22

May 22, 2023 18:12

build\_tools @ 14c6d42

Update module: build\_tools 2023-11-02

November 2, 2023 18:29

die\_script @ 490a8cb

Update module: die\_script 2023-11-26

November 26, 2023 00:22

die\_widget @ 2cc7014

Update module: die\_widget 2023-11-23

November 23, 2023 08:52

docs

Format RUN.md

October 13, 2023 02:57

gui\_source

Fix: 2023-09-05

September 5, 2023 00:09

hex\_templates @ dff5b39

Fix: 2023-03-11

March 11, 2023 23:02

icons

Fix: 2022-08-08

August 8, 2022 18:47

images/thanks

Fix: 2023-09-08

September 8, 2023 00:50

mascots

Fix: 2021-05-05

May 5, 2021 18:10

nfd\_widget @ 0258f38

Update module: nfd\_widget 2023-10-17

October 17, 2023 18:52

signatures @ b8f9793

Fix: 2023-03-11

March 11, 2023 22:35

yara\_widget @ 5180c67

Update module: yara\_widget 2023-10-18

October 18, 2023 18:35

.gitmodules

Add new module

November 26, 2023 00:08

CMakeLists.txt

Fix: 2023-05-22

May 22, 2023 18:12

Dockerfile

Fix: 2021-05-24

May 24, 2021 12:04

LICENSE

Fix: 2023-02-18

February 18, 2023 00:08

README.md

Update README.md

October 16, 2023 22:03

THANKS.md

Fix: 2023-09-08

September 8, 2023 00:50

build.pri

Fix: 2023-03-14

March 14, 2023 08:11

build\_dpkg.sh

Fix: 2022-08-12

August 12, 2022 16:39

build\_mac.sh

Fix: 2022-08-05

August 5, 2022 15:28

build\_msvc\_win32.bat

Fix: 2021-09-28

September 28, 2021 19:06

build\_msvc\_win64.bat

Fix: 2021-09-28

September 28, 2021 19:06

build\_msvc\_winxp.bat

Fix: 2021-09-28

September 28, 2021 19:06

build\_win32.bat

Fix: 2021-05-21

May 21, 2021 17:58

build\_win64.bat

Fix: 2021-05-21

May 21, 2021 17:58

build\_win\_generic.cmd

Fix: 2022-08-05

August 5, 2022 15:28

changelog.txt

Fix: 2022-07-19

July 19, 2022 18:10

configure

Fix: 2022-08-02

August 2, 2022 16:30

configure.ac

Fix: 2022-08-02

August 2, 2022 16:30

create\_appimage.sh

Fix: 2022-08-05

August 5, 2022 18:12

global.h

Fix: 2023-04-02

April 2, 2023 13:55

install.iss

Fix: 2022-05-24

May 24, 2022 18:22

install.sh

Fix: 2022-08-05

August 5, 2022 15:28

release\_version.txt

Fix: 2022-07-19

July 19, 2022 18:10

xmachoviewer\_source.pro

Fix: 2022-01-24

January 24, 2022 18:44

MachO file viewer/editor for Windows, Linux and macOS. Features Downloads Building Usage Changelog You can help with translation! Special Thanks

**README.md**

   

**MachO file viewer/editor for Windows, Linux and macOS.****Features**

*   Heuristic scan
*   String viewer
*   Hex viewer
*   Disasm viewer(x86/64,ARM,PPC,m68k)
*   Entropy viewer
*   Hash viewer
*   Crypto search
*   Name demangling

**Downloads**

XMachOViewer can be downloaded from the releases page.

**Building**

Build instructions can be found in BUILD.md.

**Usage**

Instructions to use xmachoviewer - The GUI version can be found in RUN.md.

**Changelog**

Changelog can be found in changelog.txt.

**You can help with translation!**

Follow This link.

       

**Special Thanks**

*   PELock Software Protection & Reverse Engineering

**About**

XMachOViewer is a Mach-O viewer for Windows, Linux and MacOS

ntinfo.biz

**Topics**

reverse-engineering macho hacktoberfest macho-parser osx-application machoexplorer machoview macho-loader macho64 hacktoberfest2023

**Resources**

Readme

**License**

MIT license

Activity

**Stars**

**635** stars

**Watchers**

**13** watching

**Forks**

**50** forks

Report repository

**Releases 5**

0.04 Latest

Aug 6, 2022

\+ 4 releases

**Sponsor this project**

Learn more about GitHub Sponsors

**Packages**

No packages published  

**Contributors 3**

*    **horsicq** Hors
*    **mdhvg** Madhav Goyal
*    **omimakhare** OMKAR MAKHARE

**Languages**

*   C++ 37.5%
*   QMake 33.1%
*   Batchfile 10.0%
*   Shell 8.0%
*   CMake 5.1%
*   M4 2.0%
*   Other 4.3%

CVE-2023-49313: GitHub - horsicq/XMachOViewer: XMachOViewer is a Mach-O viewer for Windows, Linux and MacOS

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.

**Já disponível: a Asana Intelligence se juntou à equipe com um jeito mais inteligente de trabalharSaiba mais**

Asana Home

**Navigation Instructions**Use left and right arrow keys to navigate between columns.Use up and down arrow keys to move between submenu items.Use Escape to close the menu.

*   **Por que a Asana?**
    
    *   Crie planejamentos de projetos, coordene as tarefas e cumpra todos os prazos
    *   Planeje e faça a gestão de campanhas, lançamentos e muito mais
    *   Desenvolva, expanda e agilize os processos para melhorar a eficiência
    *   Melhore a clareza, o foco e o crescimento pessoal
    *   Elabore roteiros, planeje sprints, faça a gestão dos envios e dos lançamentos
    
    **Para o seu fluxo de trabalho**
    
    *   Planeje, monitore e faça a gestão dos projetos da sua equipe do início ao fim
    *   Crie, lance e monitore as suas campanhas de marketing
    *   Projete, revise e entregue trabalhos inspiradores
    *   Acompanhamento de solicitações
        
        Monitore, priorize e processe as solicitações das equipes
    
    *   Colabore e faça a gestão do trabalho de qualquer lugar
    *   Seja mais consciente em relação à forma como administra o seu tempo
    *   Crie com rapidez, entregue com frequência, e monitore tudo de um só lugar
    *   Veja todos os fluxos de trabalho
        
    
    **Modelos**
    
    *   Página inicial dos modelos
        
        Comece com o pé direito usando modelos elaborados para as suas necessidades
    
*   **Principais funcionalidades**
    
    *   Asana Intelligence Novidade
        
        Amplie o impacto da sua equipe com a IA para Asana
    *   Construtor de fluxo de trabalho
        
        Crie processos automatizados para coordenar as equipes
    *   Crie em poucos minutos um atraente diagrama de Gantt
    *   Acompanhe o andamento do trabalho nos quadros Kanban
    
    *   Use um calendário compartilhado para visualizar o trabalho da equipe
    *   Integrações de aplicativos
        
        Descubra como a Asana integra múltiplos aplicativos para apoiar a sua equipe
    *   Acompanhe o progresso de qualquer fluxo de trabalho em tempo real
    *   Estabeleça metas estratégicas e monitore o progresso delas em um único lugar
    
    *   Envie e faça a gestão das solicitações de trabalho em um único lugar
    *   Agilize os processos, reduza os erros e perca menos tempo com as tarefas de rotina
    *   Veja a carga de trabalho dos membros da equipe nos diversos projetos
    *   Veja todas as funcionalidades
        
    
    **Todos os planos**
    
    *   Ideal para usuários individuais e pequenas equipes que desejam gerir as suas tarefas
    *   Ideal para as equipes em crescimento que precisam monitorar o progresso dos seus projetos e cumprir prazos
    *   Ideal para as empresas que precisam gerir um portfólio de trabalhos e metas de diversos departamentos
    *   
    
*   **Aprendizagem**
    
    *   Recursos para a gestão do trabalho
        
        Conheça boas práticas, assista a webinários, obtenha insights
    *   Saiba mais sobre o que há de melhor e mais recente na Asana
    *   Explore diversas dicas, truques e sugestões para obter o máximo da Asana
    *   Inscreva-se em cursos interativos e webinários para aprender a usar a Asana
    *   Blog Nos bastidores da Asana
        
        Descubra as novidades mais recentes da Asana sobre o produto e a empresa
    
    **Conexão**
    
    *   Saiba mais sobre os próximos eventos que ocorrerão perto de você
    *   Conecte-se e aprenda com outros clientes da Asana ao redor do mundo
    *   Precisa de ajuda? Entre em contato com a equipe de Suporte da Asana
    *   Saiba mais sobre os programas dos nossos parceiros
    
    *   Descubra como desenvolver aplicativos na plataforma da Asana
    *   Asana para entidades sem fins lucrativos
        
        Obtenha mais informações e candidate-se ao nosso programa de descontos para organizações sem fins lucrativos.
    *   Asana para instituições de ensino
        
        Obtenha mais informações e candidate-se ao nosso programa de descontos para instituições de ensino.
    
    **Leituras em destaque**
    
    *   Apresentamos a Asana Intelligence:  
        a IA se juntou à equipe  
        ,DemonstraçãoAssista agora
        
    *   Promova o impacto dos funcionários: novas ferramentas para capacitar lideranças resilientes,RelatórioLeia mais
        
    *   Anatomia do trabalho: Índice global de 2023,RelatórioLeia mais
        
    
*   Enterprise
*   Preços

*   Fale com Vendas
*   Ver uma demonstração
*   Baixar o aplicativo

Aplicativo móvel

**Asana para iOS**

Aplicativo móvel

**Asana para Android**

Aplicativo móvel

**Asana para iOS**

Aplicativo móvel

**Asana para Android**

**Recursos na ponta dos seus dedos.**

O seu trabalho é sincronizado em tempo real na Web, no celular e nos aplicativos para computador. Planeje o seu dia. Compartilhe as ideias. Mantenha a equipe bem informada à distância. E tudo isso, desde qualquer dispositivo.

*   Minhas tarefas
*   Conversas
*   Caixa de entrada
*   Portfólios
*   Projetos
*   Adição rápida
*   Buscas
*   Metas

Perguntas frequentes

**Ficou com dúvidas? Nós temos as respostas.**

**Como posso baixar o aplicativo móvel da Asana?**

Sim. Faça download da Asana para iPhone e iPad na App Store. Faça download da Asana para celulares Android na Google Play Store. Recomendamos que você acesse as lojas no próprio dispositivo para ter a melhor experiência possível. Faça aqui o download da Asana para instalação em computador nas versões Mac, Windows (64-bit) ou Windows (32-bit).

**A Asana dispõe de um aplicativo instalável para computadores Mac ou Windows?**

**A Asana pode ser baixada sem custo?**

Sim, todos os aplicativos Asana podem ser baixados gratuitamente.

CVE-2023-49314: Baixar o aplicativo Asana para dispositivos móveis e computador • Asana

By Owais Sultan
Dubbed "DeleFriend," the vulnerability enables attackers to manipulate GCP and Google Workspace delegations without needing the high-privilege Super Admin role on Workspace.
This is a post from HackRead.com Read the original post: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw, Warns Cybersecurity Firm Hunters

Cybersecurity researchers at Hunters have created a proof-of-concept tool to assist organizations in detecting DWD misconfigurations, increasing awareness, and reducing DeleFriend’s exploitation risks.

BOSTON, MASS. and TEL AVIV, ISRAEL, November 28, 2023 – A severe design flaw in Google Workspace’s domain-wide delegation feature discovered by threat-hunting experts from Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges.

Such exploitation could result in the theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all of the identities in the target domain. Hunters have responsibly disclosed this to Google and worked closely with them prior to publishing this research.

Domain-wide delegation permits a comprehensive delegation between Google Cloud Platform (GCP) identity objects and Google Workspace applications. In other words, it enables GCP identities to execute tasks on Google SaaS applications, such as Gmail, Google Calendar, Google Drive, and more, on behalf of other Workspace users.

The design flaw, which the team at Hunters has dubbed “DeleFriend,” allows potential attackers to manipulate existing delegations in GCP and Google Workspace without possessing the high-privilege Super Admin role on Workspace, which is essential for creating new delegations.

Instead, with less privileged access to a target GCP project, they can create numerous JSON web tokens (JWTs) composed of different OAuth scopes, aiming to pinpoint successful combinations of private key pairs and authorized OAuth scopes which indicate that the service account has domain-wide delegation enabled.

The root cause lies in the fact that the domain delegation configuration is determined by the service account resource identifier (OAuth ID), and not the specific private keys associated with the service account identity object.

Additionally, no restrictions for fuzzing of JWT combinations were implemented on the API level, which does not restrict the option of enumerating numerous options for finding and taking over existing delegations.

  
This flaw poses a special risk due to the potential impact described above and is amplified by the following:

*   **Long Life**: By default, GCP Service account keys are created without an expiry date. This feature makes them ideal for establishing backdoors and ensuring long-term persistence.
*   **Easy to hide:** The creation of new service account keys for existing IAMs or, alternatively, the setting of a delegation rule within the API authorization page is easy to conceal. This is because these pages typically host a wide array of legitimate entries, which are not examined thoroughly enough.
*   **Awareness:** IT and Security departments may not always be cognizant of the domain-wide delegation feature. They might especially be unaware of its potential for malicious abuse.
*   **Hard to detect:** Since delegated API calls are created on behalf of the target identity, the API calls will be logged with the victim details in the corresponding GWS audit logs. This makes it challenging to identify such activities.

“The potential consequences of malicious actors misusing domain-wide delegation are severe. Instead of affecting just a single identity, as with individual OAuth consent, exploiting DWD with existing delegation can impact every identity within the Workspace domain,” says Yonatan Khanashvili of Hunters’ Team Axon.

The range of possible actions varies based on the OAuth scopes of the delegation. For instance, email theft from Gmail, data exfiltration from the drive, or monitoring meetings from Google Calendar.

To execute the attack method, a particular GCP permission is needed on the target Service Accounts. However, Hunters observed that such permission is not an uncommon practice in organizations making this attack technique highly prevalent in organizations that don’t maintain a security posture in their GCP resources.

“By adhering to best practices, and managing permissions and resources smartly, organizations can dramatically minimize the impact of the attack method” Khanashvili continued.

Hunters has created a proof-of-concept tool (full details are included in the full research) to assist organizations in detecting DWD misconfigurations, increasing awareness, and reducing DeleFriend’s exploitation risks. Using this tool, red teams, pen testers, and security researchers can simulate attacks and locate vulnerable attack paths of GCP IAM users to existing delegations in their GCP Projects to evaluate (and then improve) the security risk and posture of their Workspace and GCP environments.

Hunters’ Team Axon has also compiled comprehensive research that lays out exactly how the vulnerability works as well as recommendations for thorough threat hunting, detection techniques, and best practices for countering domain-wide delegation attacks.

Hunters responsibly reported DeleFriend to Google as part of Google’s “Bug Hunters” program in August, and are collaborating closely with Google’s security and product teams to explore appropriate mitigation strategies. Currently, Google has yet to resolve the design flaw.

****About Hunters****

Hunters deliver a Security Operations Center (SOC) Platform that reduces risk, complexity, and cost for security teams. An SIEM alternative, Hunters SOC Platform provides data ingestion, built-in and always up-to-date threat detection, and automated correlation and investigation capabilities, minimizing the time to understand and respond to real threats.

Organizations like Booking.com, ChargePoint, Yext, Upwork and Cimpress leverage Hunters SOC Platform to empower their security teams. Hunters is backed by leading VCs and strategic investors including Stripes, YL Ventures, DTCP, Cisco Investments, Bessemer Venture Partners, U.S. Venture Partners (USVP), Microsoft’s venture fund M12, Blumberg Capital, Snowflake, Databricks, and Okta.

****Contact****

Yael Macias at \[email protected\]

Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw, Warns Cybersecurity Firm Hunters

By Owais Sultan
Dubbed "DeleFriend," the vulnerability enables attackers to manipulate GCP and Google Workspace delegations without needing the high-privilege Super Admin role on Workspace.
This is a post from HackRead.com Read the original post: Hunters Security: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw

Cybersecurity researchers at Hunters have created a proof-of-concept tool to assist organizations in detecting DWD misconfigurations, increasing awareness, and reducing DeleFriend’s exploitation risks.

BOSTON, MASS. and TEL AVIV, ISRAEL, November 28, 2023 – A severe design flaw in Google Workspace’s domain-wide delegation feature discovered by threat-hunting experts from Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges.

Such exploitation could result in the theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all of the identities in the target domain. Hunters have responsibly disclosed this to Google and worked closely with them prior to publishing this research.

Domain-wide delegation permits a comprehensive delegation between Google Cloud Platform (GCP) identity objects and Google Workspace applications. In other words, it enables GCP identities to execute tasks on Google SaaS applications, such as Gmail, Google Calendar, Google Drive, and more, on behalf of other Workspace users.

The design flaw, which the team at Hunters has dubbed “DeleFriend,” allows potential attackers to manipulate existing delegations in GCP and Google Workspace without possessing the high-privilege Super Admin role on Workspace, which is essential for creating new delegations.

Instead, with less privileged access to a target GCP project, they can create numerous JSON web tokens (JWTs) composed of different OAuth scopes, aiming to pinpoint successful combinations of private key pairs and authorized OAuth scopes which indicate that the service account has domain-wide delegation enabled.

The root cause lies in the fact that the domain delegation configuration is determined by the service account resource identifier (OAuth ID), and not the specific private keys associated with the service account identity object.

Additionally, no restrictions for fuzzing of JWT combinations were implemented on the API level, which does not restrict the option of enumerating numerous options for finding and taking over existing delegations.

  
This flaw poses a special risk due to the potential impact described above and is amplified by the following:

*   **Long Life**: By default, GCP Service account keys are created without an expiry date. This feature makes them ideal for establishing backdoors and ensuring long-term persistence.
*   **Easy to hide:** The creation of new service account keys for existing IAMs or, alternatively, the setting of a delegation rule within the API authorization page is easy to conceal. This is because these pages typically host a wide array of legitimate entries, which are not examined thoroughly enough.
*   **Awareness:** IT and Security departments may not always be cognizant of the domain-wide delegation feature. They might especially be unaware of its potential for malicious abuse.
*   **Hard to detect:** Since delegated API calls are created on behalf of the target identity, the API calls will be logged with the victim details in the corresponding GWS audit logs. This makes it challenging to identify such activities.

“The potential consequences of malicious actors misusing domain-wide delegation are severe. Instead of affecting just a single identity, as with individual OAuth consent, exploiting DWD with existing delegation can impact every identity within the Workspace domain,” says Yonatan Khanashvili of Hunters’ Team Axon.

The range of possible actions varies based on the OAuth scopes of the delegation. For instance, email theft from Gmail, data exfiltration from the drive, or monitoring meetings from Google Calendar.

To execute the attack method, a particular GCP permission is needed on the target Service Accounts. However, Hunters observed that such permission is not an uncommon practice in organizations making this attack technique highly prevalent in organizations that don’t maintain a security posture in their GCP resources.

“By adhering to best practices, and managing permissions and resources smartly, organizations can dramatically minimize the impact of the attack method” Khanashvili continued.

Hunters has created a proof-of-concept tool (full details are included in the full research) to assist organizations in detecting DWD misconfigurations, increasing awareness, and reducing DeleFriend’s exploitation risks. Using this tool, red teams, pen testers, and security researchers can simulate attacks and locate vulnerable attack paths of GCP IAM users to existing delegations in their GCP Projects to evaluate (and then improve) the security risk and posture of their Workspace and GCP environments.

Hunters’ Team Axon has also compiled comprehensive research that lays out exactly how the vulnerability works as well as recommendations for thorough threat hunting, detection techniques, and best practices for countering domain-wide delegation attacks.

Hunters responsibly reported DeleFriend to Google as part of Google’s “Bug Hunters” program in August, and are collaborating closely with Google’s security and product teams to explore appropriate mitigation strategies. Currently, Google has yet to resolve the design flaw.

****About Hunters****

Hunters deliver a Security Operations Center (SOC) Platform that reduces risk, complexity, and cost for security teams. An SIEM alternative, Hunters SOC Platform provides data ingestion, built-in and always up-to-date threat detection, and automated correlation and investigation capabilities, minimizing the time to understand and respond to real threats.

Organizations like Booking.com, ChargePoint, Yext, Upwork and Cimpress leverage Hunters SOC Platform to empower their security teams. Hunters is backed by leading VCs and strategic investors including Stripes, YL Ventures, DTCP, Cisco Investments, Bessemer Venture Partners, U.S. Venture Partners (USVP), Microsoft’s venture fund M12, Blumberg Capital, Snowflake, Databricks, and Okta.

**_RELATED ARTICLES_**

1.  **APTs Exploiting WinRAR 0day Flaw Despite Patch Availability**
2.  **15 Best SaaS SEO Experts That Will Help You Dominate Online**
3.  **Google Reveals ‘Reptar’ Vulnerability Threatening Intel Processors**

Hunters Security: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw

SmartNode SN200 versions 3.21.2-23021 and below suffer from a remote command execution vulnerability.

Advisory ID: SYSS-2023-019  
Product: SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway  
Manufacturer: Patton LLC  
Affected Version(s): <= 3.21.2-23021  
Tested Version(s): 2.21.1-22041, 3.21.2-23021, 3.22.0-23083  
Vulnerability Type: OS Command Injection (CWE-78)  
Vulnerability Type: Improper Access Control (CWE-284)  
Risk Level: High  
Solution Status: Open  
Manufacturer Notification: 2023-07-05  
Public Disclosure: 2023-08-28  
CVE Reference: CVE-2023-41109  
Author of Advisory: Maurizio Ruchay, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

SmartNode SN200 is a VoIP appliance which is manufactured and  
distributed by Patton LLC.

The manufacturer describes the product as follows (see [1]):

"The SmartNode 200 Series of VoIP Analog Telephone Adapter and VoIP Phone  
Adapter Gateways support up to four telephone connections. VoIP Analog Phone  
Adapter integrates legacy Phones and Fax machines into a UCC Environment.  
High-quality voice and reliable fax over any IP network. All-IP does not end  
when analog terminals have to be integrated. Security and quality guaranteed."

Due to an error in the authorization mechanism and improper input validation,  
the device allows unauthenticated adversaries to execute OS commands via  
the web interface.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

SySS GmbH found an unauthenticated OS command injection vulnerability in  
SmartNode 200 (SN200) devices.

The SN200 devices offer a "Network Diagnostic Commands" feature to  
administrative users. This feature is designed to execute network diagnostic  
commands like ping. However, as SySS GmbH discovered, the feature can be  
used to execute arbitrary system commands.  
Furthermore, a flaw in the authorization mechanism was found. This issue allows  
unauthenticated adversaries to execute system commands via the affected feature.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

The following HTTP request shows how the system command "id" is executed  
on the device:

===  
POST /rest/xxxxxxxxxxxxxxx/xxxxxxx?executeAsync HTTP/1.1  
Cookie: AuthToken=; AuthGroup=superuser; UserName=admin  
[... shortened ...]  
Connection: close

{"cmd":"/usr/bin/id","arguments":[]}  
===

The following output from the web interface shows that the command has  
been executed:

===  
*** Command started ***  
[... shortened ...]  
uid=0(root) gid=0(root)

PING 127.0.0.1 (127.0.0.1): 56 data bytes  
64 bytes from 127.0.0.1: seq=0 ttl=64 time=1.025 ms  
64 bytes from 127.0.0.1: seq=1 ttl=64 time=1.781 ms

*** Command completed ***  
===

Especially noteworthy is that an empty cookie "AuthToken" can be used in  
order to bypass the authorization checks.

Since the vulnerability is still active, parts of the PoC have been redacted.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

A patch for this issue is not yet available. Therefore, it is recommended to  
disable the vulnerable "Network Diagnostic Commands" feature if possible.  
Furthermore, it is advised to block network access to the HTTP interface  
either on the device directly or via firewall.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2023-06-28: Vulnerability discovered  
2023-07-05: Vulnerability reported to manufacturer  
2023-08-28: Public disclosure of vulnerability  
2023-10-13: Vulnerability confirmation on the newly released update 3.22.0-23083

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for SmartNode SN200  
     https://www.patton.com/voip-gateway/sn200/  
[2] OWASP OS Command Injection Defense Cheat Sheet  
     https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html  
[3] SySS Responsible Disclosure Policy  
     https://www.syss.de/en/responsible-disclosure-policy  
[4] SySS Security Advisory SYSS-2023-019  
     https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-019.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Maurizio Ruchay of SySS GmbH.

E-Mail: maurizio.ruchay@syss.de  
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Maurizio_Ruchay.asc  
Key ID: 0xEDA7235FA5478A8C  
Key Fingerprint: 9AA6 D02F C74F 3EDE C1CE  AE51 EDA7 235F A547 8A8C

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS Web  
site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL: https://creativecommons.org/licenses/by/3.0/deed.en

SmartNode SN200 3.21.2-23021 OS Command Injection

Red Hat Security Advisory 2023-7512-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7512.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2023:7512-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7512  
Issue date:         2023-11-27  
Revision:           01  
CVE Names:          CVE-2023-6204  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.5.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)

* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)

* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)

* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)

* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)

* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6204

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250896  
https://bugzilla.redhat.com/show_bug.cgi?id=2250897  
https://bugzilla.redhat.com/show_bug.cgi?id=2250898  
https://bugzilla.redhat.com/show_bug.cgi?id=2250899  
https://bugzilla.redhat.com/show_bug.cgi?id=2250900  
https://bugzilla.redhat.com/show_bug.cgi?id=2250901  
https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Red Hat Security Advisory 2023-7512-01

Red Hat Security Advisory 2023-7511-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7511.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2023:7511-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7511  
Issue date:         2023-11-27  
Revision:           01  
CVE Names:          CVE-2023-6204  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.5.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)

* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)

* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)

* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)

* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)

* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6204

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250896  
https://bugzilla.redhat.com/show_bug.cgi?id=2250897  
https://bugzilla.redhat.com/show_bug.cgi?id=2250898  
https://bugzilla.redhat.com/show_bug.cgi?id=2250899  
https://bugzilla.redhat.com/show_bug.cgi?id=2250900  
https://bugzilla.redhat.com/show_bug.cgi?id=2250901  
https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Red Hat Security Advisory 2023-7511-01

Red Hat Security Advisory 2023-7510-01 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7510.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2023:7510-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7510  
Issue date:         2023-11-27  
Revision:           01  
CVE Names:          CVE-2023-6204  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.5.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)

* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)

* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)

* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)

* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)

* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6204

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250896  
https://bugzilla.redhat.com/show_bug.cgi?id=2250897  
https://bugzilla.redhat.com/show_bug.cgi?id=2250898  
https://bugzilla.redhat.com/show_bug.cgi?id=2250899  
https://bugzilla.redhat.com/show_bug.cgi?id=2250900  
https://bugzilla.redhat.com/show_bug.cgi?id=2250901  
https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Tag

#web