A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data.

Skip to content

Sign up

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    Explore
    
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   For
    
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    By Solution
    
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    Resources
    
    *   Learning Pathways
    *   White papers, Ebooks, Webinars
    *   Customer Stories
    *   Partners
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    Repositories
    
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

**Saved searches****Use saved searches to filter your results more quickly**

Sign in

Sign up

horsicq / **XMachOViewer** Public

*   Notifications
*   Fork 50
*   Star 635
    

XMachOViewer is a Mach-O viewer for Windows, Linux and MacOS

ntinfo.biz

**License**

MIT license

635 stars 50 forks Activity

Star

Notifications

*   Code
*   Issues 2
*   Pull requests
*   Discussions
*   Actions
*   Projects
*   Security
*   Insights

Additional navigation options

master

Switch branches/tags

**Name already in use**

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

**1** branch **5** tags

Code

*   Clone
    
    Use Git or checkout with SVN using the web URL.
    
*   Open with GitHub Desktop
*   Download ZIP

**Latest commit**

**Git stats**

*   **12,688** commits

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

.github

Create docker-image.yml

May 24, 2021 11:42

Controls @ bde01e3

Update module: Controls 2023-11-28

November 28, 2023 00:21

Detect-It-Easy @ 361698e

Update module: Detect-It-Easy 2023-11-28

November 28, 2023 00:23

FormatDialogs @ de15ef2

Update module: FormatDialogs 2023-11-27

November 27, 2023 01:47

FormatWidgets @ e36380f

Update module: FormatWidgets 2023-11-28

November 28, 2023 00:22

Formats @ c3ce687

Update module: Formats 2023-11-28

November 28, 2023 00:22

LINUX

Fix: 2022-08-08

August 8, 2022 18:47

SpecAbstract @ 9282c42

Fix: 2023-10-04

October 4, 2023 19:31

StaticScan @ 723090f

Fix: 2023-05-23

May 23, 2023 20:34

XAboutWidget @ 8cc8adb

Fix: 2023-09-05

September 5, 2023 00:12

XArchive @ 6d85719

Update module: XArchive 2023-11-12

November 12, 2023 16:19

XCapstone @ 8c16344

Update module: XCapstone 2023-11-28

November 28, 2023 00:22

XCppfilt @ d9c2be9

Update module: XCppfilt 2023-10-18

October 18, 2023 18:34

XDEX @ 71db4b8

Fix: 2023-07-31

July 31, 2023 19:05

XDataConvertorWidget @ a776bd1

Update module: XDataConvertorWidget 2023-11-28

November 28, 2023 03:49

XDecompiler @ 3391a28

Fix: 2023-08-21

August 21, 2023 18:48

XDemangle @ c8c3172

Update module: XDemangle 2023-11-24

November 24, 2023 00:25

XDemangleWidget @ af0d823

Fix: 2023-09-29

September 29, 2023 17:36

XDisasm @ 7767f42

Fix: 2023-04-10

April 10, 2023 01:26

XDisasmView @ b81ac59

Update module: XDisasmView 2023-11-28

November 28, 2023 00:22

XDynStructs @ d67af94

Fix: 2023-03-11

March 11, 2023 22:35

XDynStructsEngine @ f90de40

Fix: 2023-03-13

March 13, 2023 05:40

XDynStructsWidget @ 2243d2a

Fix: 2023-09-11

September 11, 2023 00:08

XEntropyWidget @ 57dc917

Fix: 2023-09-25

September 25, 2023 19:09

XExtractor @ 040530e

Fix: 2023-08-04

August 4, 2023 00:19

XExtractorWidget @ 989bda3

Fix: 2023-09-25

September 25, 2023 18:34

XFileInfo @ e1535c6

Fix: 2023-09-25

September 25, 2023 18:47

XGithub @ e66b9dc

Fix: 2023-03-15

March 15, 2023 06:09

XHashWidget @ 86c77b4

Fix: 2023-09-25

September 25, 2023 19:12

XHexEdit @ 04d9067

Fix: 2023-07-27

July 27, 2023 00:30

XHexView @ 9a4b88a

Update module: XHexView 2023-11-28

November 28, 2023 00:22

XInfoDB @ df88dd6

Update module: XInfoDB 2023-11-28

November 28, 2023 00:22

XLLVMDemangler @ 9f9ca2e

Fix: 2023-03-11

March 11, 2023 23:13

XMemoryMapWidget @ ce52b89

Update module: XMemoryMapWidget 2023-11-10

November 10, 2023 00:21

XOnlineTools @ 834247c

Fix: 2023-09-25

September 25, 2023 18:44

XOptions @ 4a25fe9

Update module: XOptions 2023-11-28

November 28, 2023 00:22

XPDF @ 74f8435

Fix: 2023-08-11

August 11, 2023 00:39

XQwt @ 0a1a424

Fix: 2023-07-08

July 8, 2023 00:45

XShortcuts @ 5dc4922

Update module: XShortcuts 2023-11-25

November 25, 2023 12:11

XStyles @ 62e634b

Fix: 2023-10-02

October 2, 2023 16:22

XSymbolsWidget @ d8fe2aa

Fix: 2023-09-05

September 5, 2023 00:15

XTranslation @ a16af1d

Update module: XTranslation 2023-11-20

November 20, 2023 00:21

XUpdate @ 5c69107

Fix: 2023-04-10

April 10, 2023 21:46

XVisualizationWidget @ 1d78c38

Fix: 2023-09-25

September 25, 2023 18:38

XYara @ cb9b124

Update module: XYara 2023-10-23

October 23, 2023 18:32

archive\_widget @ 289ba6b

Fix: 2023-09-07

September 7, 2023 14:32

build\_libs

Fix: 2023-05-22

May 22, 2023 18:12

build\_tools @ 14c6d42

Update module: build\_tools 2023-11-02

November 2, 2023 18:29

die\_script @ 490a8cb

Update module: die\_script 2023-11-26

November 26, 2023 00:22

die\_widget @ 2cc7014

Update module: die\_widget 2023-11-23

November 23, 2023 08:52

docs

Format RUN.md

October 13, 2023 02:57

gui\_source

Fix: 2023-09-05

September 5, 2023 00:09

hex\_templates @ dff5b39

Fix: 2023-03-11

March 11, 2023 23:02

icons

Fix: 2022-08-08

August 8, 2022 18:47

images/thanks

Fix: 2023-09-08

September 8, 2023 00:50

mascots

Fix: 2021-05-05

May 5, 2021 18:10

nfd\_widget @ 0258f38

Update module: nfd\_widget 2023-10-17

October 17, 2023 18:52

signatures @ b8f9793

Fix: 2023-03-11

March 11, 2023 22:35

yara\_widget @ 5180c67

Update module: yara\_widget 2023-10-18

October 18, 2023 18:35

.gitmodules

Add new module

November 26, 2023 00:08

CMakeLists.txt

Fix: 2023-05-22

May 22, 2023 18:12

Dockerfile

Fix: 2021-05-24

May 24, 2021 12:04

LICENSE

Fix: 2023-02-18

February 18, 2023 00:08

README.md

Update README.md

October 16, 2023 22:03

THANKS.md

Fix: 2023-09-08

September 8, 2023 00:50

build.pri

Fix: 2023-03-14

March 14, 2023 08:11

build\_dpkg.sh

Fix: 2022-08-12

August 12, 2022 16:39

build\_mac.sh

Fix: 2022-08-05

August 5, 2022 15:28

build\_msvc\_win32.bat

Fix: 2021-09-28

September 28, 2021 19:06

build\_msvc\_win64.bat

Fix: 2021-09-28

September 28, 2021 19:06

build\_msvc\_winxp.bat

Fix: 2021-09-28

September 28, 2021 19:06

build\_win32.bat

Fix: 2021-05-21

May 21, 2021 17:58

build\_win64.bat

Fix: 2021-05-21

May 21, 2021 17:58

build\_win\_generic.cmd

Fix: 2022-08-05

August 5, 2022 15:28

changelog.txt

Fix: 2022-07-19

July 19, 2022 18:10

configure

Fix: 2022-08-02

August 2, 2022 16:30

configure.ac

Fix: 2022-08-02

August 2, 2022 16:30

create\_appimage.sh

Fix: 2022-08-05

August 5, 2022 18:12

global.h

Fix: 2023-04-02

April 2, 2023 13:55

install.iss

Fix: 2022-05-24

May 24, 2022 18:22

install.sh

Fix: 2022-08-05

August 5, 2022 15:28

release\_version.txt

Fix: 2022-07-19

July 19, 2022 18:10

xmachoviewer\_source.pro

Fix: 2022-01-24

January 24, 2022 18:44

MachO file viewer/editor for Windows, Linux and macOS. Features Downloads Building Usage Changelog You can help with translation! Special Thanks

**README.md**

   

**MachO file viewer/editor for Windows, Linux and macOS.****Features**

*   Heuristic scan
*   String viewer
*   Hex viewer
*   Disasm viewer(x86/64,ARM,PPC,m68k)
*   Entropy viewer
*   Hash viewer
*   Crypto search
*   Name demangling

**Downloads**

XMachOViewer can be downloaded from the releases page.

**Building**

Build instructions can be found in BUILD.md.

**Usage**

Instructions to use xmachoviewer - The GUI version can be found in RUN.md.

**Changelog**

Changelog can be found in changelog.txt.

**You can help with translation!**

Follow This link.

       

**Special Thanks**

*   PELock Software Protection & Reverse Engineering

**About**

XMachOViewer is a Mach-O viewer for Windows, Linux and MacOS

ntinfo.biz

**Topics**

reverse-engineering macho hacktoberfest macho-parser osx-application machoexplorer machoview macho-loader macho64 hacktoberfest2023

**Resources**

Readme

**License**

MIT license

Activity

**Stars**

**635** stars

**Watchers**

**13** watching

**Forks**

**50** forks

Report repository

**Releases 5**

0.04 Latest

Aug 6, 2022

\+ 4 releases

**Sponsor this project**

Learn more about GitHub Sponsors

**Packages**

No packages published  

**Contributors 3**

*    **horsicq** Hors
*    **mdhvg** Madhav Goyal
*    **omimakhare** OMKAR MAKHARE

**Languages**

*   C++ 37.5%
*   QMake 33.1%
*   Batchfile 10.0%
*   Shell 8.0%
*   CMake 5.1%
*   M4 2.0%
*   Other 4.3%

CVE-2023-49313: GitHub - horsicq/XMachOViewer: XMachOViewer is a Mach-O viewer for Windows, Linux and MacOS

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.

**Já disponível: a Asana Intelligence se juntou à equipe com um jeito mais inteligente de trabalharSaiba mais**

Asana Home

**Navigation Instructions**Use left and right arrow keys to navigate between columns.Use up and down arrow keys to move between submenu items.Use Escape to close the menu.

*   **Por que a Asana?**
    
    *   Crie planejamentos de projetos, coordene as tarefas e cumpra todos os prazos
    *   Planeje e faça a gestão de campanhas, lançamentos e muito mais
    *   Desenvolva, expanda e agilize os processos para melhorar a eficiência
    *   Melhore a clareza, o foco e o crescimento pessoal
    *   Elabore roteiros, planeje sprints, faça a gestão dos envios e dos lançamentos
    
    **Para o seu fluxo de trabalho**
    
    *   Planeje, monitore e faça a gestão dos projetos da sua equipe do início ao fim
    *   Crie, lance e monitore as suas campanhas de marketing
    *   Projete, revise e entregue trabalhos inspiradores
    *   Acompanhamento de solicitações
        
        Monitore, priorize e processe as solicitações das equipes
    
    *   Colabore e faça a gestão do trabalho de qualquer lugar
    *   Seja mais consciente em relação à forma como administra o seu tempo
    *   Crie com rapidez, entregue com frequência, e monitore tudo de um só lugar
    *   Veja todos os fluxos de trabalho
        
    
    **Modelos**
    
    *   Página inicial dos modelos
        
        Comece com o pé direito usando modelos elaborados para as suas necessidades
    
*   **Principais funcionalidades**
    
    *   Asana Intelligence Novidade
        
        Amplie o impacto da sua equipe com a IA para Asana
    *   Construtor de fluxo de trabalho
        
        Crie processos automatizados para coordenar as equipes
    *   Crie em poucos minutos um atraente diagrama de Gantt
    *   Acompanhe o andamento do trabalho nos quadros Kanban
    
    *   Use um calendário compartilhado para visualizar o trabalho da equipe
    *   Integrações de aplicativos
        
        Descubra como a Asana integra múltiplos aplicativos para apoiar a sua equipe
    *   Acompanhe o progresso de qualquer fluxo de trabalho em tempo real
    *   Estabeleça metas estratégicas e monitore o progresso delas em um único lugar
    
    *   Envie e faça a gestão das solicitações de trabalho em um único lugar
    *   Agilize os processos, reduza os erros e perca menos tempo com as tarefas de rotina
    *   Veja a carga de trabalho dos membros da equipe nos diversos projetos
    *   Veja todas as funcionalidades
        
    
    **Todos os planos**
    
    *   Ideal para usuários individuais e pequenas equipes que desejam gerir as suas tarefas
    *   Ideal para as equipes em crescimento que precisam monitorar o progresso dos seus projetos e cumprir prazos
    *   Ideal para as empresas que precisam gerir um portfólio de trabalhos e metas de diversos departamentos
    *   
    
*   **Aprendizagem**
    
    *   Recursos para a gestão do trabalho
        
        Conheça boas práticas, assista a webinários, obtenha insights
    *   Saiba mais sobre o que há de melhor e mais recente na Asana
    *   Explore diversas dicas, truques e sugestões para obter o máximo da Asana
    *   Inscreva-se em cursos interativos e webinários para aprender a usar a Asana
    *   Blog Nos bastidores da Asana
        
        Descubra as novidades mais recentes da Asana sobre o produto e a empresa
    
    **Conexão**
    
    *   Saiba mais sobre os próximos eventos que ocorrerão perto de você
    *   Conecte-se e aprenda com outros clientes da Asana ao redor do mundo
    *   Precisa de ajuda? Entre em contato com a equipe de Suporte da Asana
    *   Saiba mais sobre os programas dos nossos parceiros
    
    *   Descubra como desenvolver aplicativos na plataforma da Asana
    *   Asana para entidades sem fins lucrativos
        
        Obtenha mais informações e candidate-se ao nosso programa de descontos para organizações sem fins lucrativos.
    *   Asana para instituições de ensino
        
        Obtenha mais informações e candidate-se ao nosso programa de descontos para instituições de ensino.
    
    **Leituras em destaque**
    
    *   Apresentamos a Asana Intelligence:  
        a IA se juntou à equipe  
        ,DemonstraçãoAssista agora
        
    *   Promova o impacto dos funcionários: novas ferramentas para capacitar lideranças resilientes,RelatórioLeia mais
        
    *   Anatomia do trabalho: Índice global de 2023,RelatórioLeia mais
        
    
*   Enterprise
*   Preços

*   Fale com Vendas
*   Ver uma demonstração
*   Baixar o aplicativo

Aplicativo móvel

**Asana para iOS**

Aplicativo móvel

**Asana para Android**

Aplicativo móvel

**Asana para iOS**

Aplicativo móvel

**Asana para Android**

**Recursos na ponta dos seus dedos.**

O seu trabalho é sincronizado em tempo real na Web, no celular e nos aplicativos para computador. Planeje o seu dia. Compartilhe as ideias. Mantenha a equipe bem informada à distância. E tudo isso, desde qualquer dispositivo.

*   Minhas tarefas
*   Conversas
*   Caixa de entrada
*   Portfólios
*   Projetos
*   Adição rápida
*   Buscas
*   Metas

Perguntas frequentes

**Ficou com dúvidas? Nós temos as respostas.**

**Como posso baixar o aplicativo móvel da Asana?**

Sim. Faça download da Asana para iPhone e iPad na App Store. Faça download da Asana para celulares Android na Google Play Store. Recomendamos que você acesse as lojas no próprio dispositivo para ter a melhor experiência possível. Faça aqui o download da Asana para instalação em computador nas versões Mac, Windows (64-bit) ou Windows (32-bit).

**A Asana dispõe de um aplicativo instalável para computadores Mac ou Windows?**

**A Asana pode ser baixada sem custo?**

Sim, todos os aplicativos Asana podem ser baixados gratuitamente.

CVE-2023-49314: Baixar o aplicativo Asana para dispositivos móveis e computador • Asana

By Owais Sultan
Dubbed "DeleFriend," the vulnerability enables attackers to manipulate GCP and Google Workspace delegations without needing the high-privilege Super Admin role on Workspace.
This is a post from HackRead.com Read the original post: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw, Warns Cybersecurity Firm Hunters

Cybersecurity researchers at Hunters have created a proof-of-concept tool to assist organizations in detecting DWD misconfigurations, increasing awareness, and reducing DeleFriend’s exploitation risks.

BOSTON, MASS. and TEL AVIV, ISRAEL, November 28, 2023 – A severe design flaw in Google Workspace’s domain-wide delegation feature discovered by threat-hunting experts from Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges.

Such exploitation could result in the theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all of the identities in the target domain. Hunters have responsibly disclosed this to Google and worked closely with them prior to publishing this research.

Domain-wide delegation permits a comprehensive delegation between Google Cloud Platform (GCP) identity objects and Google Workspace applications. In other words, it enables GCP identities to execute tasks on Google SaaS applications, such as Gmail, Google Calendar, Google Drive, and more, on behalf of other Workspace users.

The design flaw, which the team at Hunters has dubbed “DeleFriend,” allows potential attackers to manipulate existing delegations in GCP and Google Workspace without possessing the high-privilege Super Admin role on Workspace, which is essential for creating new delegations.

Instead, with less privileged access to a target GCP project, they can create numerous JSON web tokens (JWTs) composed of different OAuth scopes, aiming to pinpoint successful combinations of private key pairs and authorized OAuth scopes which indicate that the service account has domain-wide delegation enabled.

The root cause lies in the fact that the domain delegation configuration is determined by the service account resource identifier (OAuth ID), and not the specific private keys associated with the service account identity object.

Additionally, no restrictions for fuzzing of JWT combinations were implemented on the API level, which does not restrict the option of enumerating numerous options for finding and taking over existing delegations.

  
This flaw poses a special risk due to the potential impact described above and is amplified by the following:

*   **Long Life**: By default, GCP Service account keys are created without an expiry date. This feature makes them ideal for establishing backdoors and ensuring long-term persistence.
*   **Easy to hide:** The creation of new service account keys for existing IAMs or, alternatively, the setting of a delegation rule within the API authorization page is easy to conceal. This is because these pages typically host a wide array of legitimate entries, which are not examined thoroughly enough.
*   **Awareness:** IT and Security departments may not always be cognizant of the domain-wide delegation feature. They might especially be unaware of its potential for malicious abuse.
*   **Hard to detect:** Since delegated API calls are created on behalf of the target identity, the API calls will be logged with the victim details in the corresponding GWS audit logs. This makes it challenging to identify such activities.

“The potential consequences of malicious actors misusing domain-wide delegation are severe. Instead of affecting just a single identity, as with individual OAuth consent, exploiting DWD with existing delegation can impact every identity within the Workspace domain,” says Yonatan Khanashvili of Hunters’ Team Axon.

The range of possible actions varies based on the OAuth scopes of the delegation. For instance, email theft from Gmail, data exfiltration from the drive, or monitoring meetings from Google Calendar.

To execute the attack method, a particular GCP permission is needed on the target Service Accounts. However, Hunters observed that such permission is not an uncommon practice in organizations making this attack technique highly prevalent in organizations that don’t maintain a security posture in their GCP resources.

“By adhering to best practices, and managing permissions and resources smartly, organizations can dramatically minimize the impact of the attack method” Khanashvili continued.

Hunters has created a proof-of-concept tool (full details are included in the full research) to assist organizations in detecting DWD misconfigurations, increasing awareness, and reducing DeleFriend’s exploitation risks. Using this tool, red teams, pen testers, and security researchers can simulate attacks and locate vulnerable attack paths of GCP IAM users to existing delegations in their GCP Projects to evaluate (and then improve) the security risk and posture of their Workspace and GCP environments.

Hunters’ Team Axon has also compiled comprehensive research that lays out exactly how the vulnerability works as well as recommendations for thorough threat hunting, detection techniques, and best practices for countering domain-wide delegation attacks.

Hunters responsibly reported DeleFriend to Google as part of Google’s “Bug Hunters” program in August, and are collaborating closely with Google’s security and product teams to explore appropriate mitigation strategies. Currently, Google has yet to resolve the design flaw.

****About Hunters****

Hunters deliver a Security Operations Center (SOC) Platform that reduces risk, complexity, and cost for security teams. An SIEM alternative, Hunters SOC Platform provides data ingestion, built-in and always up-to-date threat detection, and automated correlation and investigation capabilities, minimizing the time to understand and respond to real threats.

Organizations like Booking.com, ChargePoint, Yext, Upwork and Cimpress leverage Hunters SOC Platform to empower their security teams. Hunters is backed by leading VCs and strategic investors including Stripes, YL Ventures, DTCP, Cisco Investments, Bessemer Venture Partners, U.S. Venture Partners (USVP), Microsoft’s venture fund M12, Blumberg Capital, Snowflake, Databricks, and Okta.

****Contact****

Yael Macias at \[email protected\]

Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw, Warns Cybersecurity Firm Hunters

By Owais Sultan
Dubbed "DeleFriend," the vulnerability enables attackers to manipulate GCP and Google Workspace delegations without needing the high-privilege Super Admin role on Workspace.
This is a post from HackRead.com Read the original post: Hunters Security: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw

Cybersecurity researchers at Hunters have created a proof-of-concept tool to assist organizations in detecting DWD misconfigurations, increasing awareness, and reducing DeleFriend’s exploitation risks.

BOSTON, MASS. and TEL AVIV, ISRAEL, November 28, 2023 – A severe design flaw in Google Workspace’s domain-wide delegation feature discovered by threat-hunting experts from Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges.

Such exploitation could result in the theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all of the identities in the target domain. Hunters have responsibly disclosed this to Google and worked closely with them prior to publishing this research.

Domain-wide delegation permits a comprehensive delegation between Google Cloud Platform (GCP) identity objects and Google Workspace applications. In other words, it enables GCP identities to execute tasks on Google SaaS applications, such as Gmail, Google Calendar, Google Drive, and more, on behalf of other Workspace users.

The design flaw, which the team at Hunters has dubbed “DeleFriend,” allows potential attackers to manipulate existing delegations in GCP and Google Workspace without possessing the high-privilege Super Admin role on Workspace, which is essential for creating new delegations.

Instead, with less privileged access to a target GCP project, they can create numerous JSON web tokens (JWTs) composed of different OAuth scopes, aiming to pinpoint successful combinations of private key pairs and authorized OAuth scopes which indicate that the service account has domain-wide delegation enabled.

The root cause lies in the fact that the domain delegation configuration is determined by the service account resource identifier (OAuth ID), and not the specific private keys associated with the service account identity object.

Additionally, no restrictions for fuzzing of JWT combinations were implemented on the API level, which does not restrict the option of enumerating numerous options for finding and taking over existing delegations.

  
This flaw poses a special risk due to the potential impact described above and is amplified by the following:

*   **Long Life**: By default, GCP Service account keys are created without an expiry date. This feature makes them ideal for establishing backdoors and ensuring long-term persistence.
*   **Easy to hide:** The creation of new service account keys for existing IAMs or, alternatively, the setting of a delegation rule within the API authorization page is easy to conceal. This is because these pages typically host a wide array of legitimate entries, which are not examined thoroughly enough.
*   **Awareness:** IT and Security departments may not always be cognizant of the domain-wide delegation feature. They might especially be unaware of its potential for malicious abuse.
*   **Hard to detect:** Since delegated API calls are created on behalf of the target identity, the API calls will be logged with the victim details in the corresponding GWS audit logs. This makes it challenging to identify such activities.

“The potential consequences of malicious actors misusing domain-wide delegation are severe. Instead of affecting just a single identity, as with individual OAuth consent, exploiting DWD with existing delegation can impact every identity within the Workspace domain,” says Yonatan Khanashvili of Hunters’ Team Axon.

The range of possible actions varies based on the OAuth scopes of the delegation. For instance, email theft from Gmail, data exfiltration from the drive, or monitoring meetings from Google Calendar.

To execute the attack method, a particular GCP permission is needed on the target Service Accounts. However, Hunters observed that such permission is not an uncommon practice in organizations making this attack technique highly prevalent in organizations that don’t maintain a security posture in their GCP resources.

“By adhering to best practices, and managing permissions and resources smartly, organizations can dramatically minimize the impact of the attack method” Khanashvili continued.

Hunters has created a proof-of-concept tool (full details are included in the full research) to assist organizations in detecting DWD misconfigurations, increasing awareness, and reducing DeleFriend’s exploitation risks. Using this tool, red teams, pen testers, and security researchers can simulate attacks and locate vulnerable attack paths of GCP IAM users to existing delegations in their GCP Projects to evaluate (and then improve) the security risk and posture of their Workspace and GCP environments.

Hunters’ Team Axon has also compiled comprehensive research that lays out exactly how the vulnerability works as well as recommendations for thorough threat hunting, detection techniques, and best practices for countering domain-wide delegation attacks.

Hunters responsibly reported DeleFriend to Google as part of Google’s “Bug Hunters” program in August, and are collaborating closely with Google’s security and product teams to explore appropriate mitigation strategies. Currently, Google has yet to resolve the design flaw.

****About Hunters****

Hunters deliver a Security Operations Center (SOC) Platform that reduces risk, complexity, and cost for security teams. An SIEM alternative, Hunters SOC Platform provides data ingestion, built-in and always up-to-date threat detection, and automated correlation and investigation capabilities, minimizing the time to understand and respond to real threats.

Organizations like Booking.com, ChargePoint, Yext, Upwork and Cimpress leverage Hunters SOC Platform to empower their security teams. Hunters is backed by leading VCs and strategic investors including Stripes, YL Ventures, DTCP, Cisco Investments, Bessemer Venture Partners, U.S. Venture Partners (USVP), Microsoft’s venture fund M12, Blumberg Capital, Snowflake, Databricks, and Okta.

**_RELATED ARTICLES_**

1.  **APTs Exploiting WinRAR 0day Flaw Despite Patch Availability**
2.  **15 Best SaaS SEO Experts That Will Help You Dominate Online**
3.  **Google Reveals ‘Reptar’ Vulnerability Threatening Intel Processors**

Hunters Security: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw

SmartNode SN200 versions 3.21.2-23021 and below suffer from a remote command execution vulnerability.

Advisory ID: SYSS-2023-019  
Product: SmartNode SN200 Analog Telephone Adapter (ATA) & VoIP Gateway  
Manufacturer: Patton LLC  
Affected Version(s): <= 3.21.2-23021  
Tested Version(s): 2.21.1-22041, 3.21.2-23021, 3.22.0-23083  
Vulnerability Type: OS Command Injection (CWE-78)  
Vulnerability Type: Improper Access Control (CWE-284)  
Risk Level: High  
Solution Status: Open  
Manufacturer Notification: 2023-07-05  
Public Disclosure: 2023-08-28  
CVE Reference: CVE-2023-41109  
Author of Advisory: Maurizio Ruchay, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

SmartNode SN200 is a VoIP appliance which is manufactured and  
distributed by Patton LLC.

The manufacturer describes the product as follows (see [1]):

"The SmartNode 200 Series of VoIP Analog Telephone Adapter and VoIP Phone  
Adapter Gateways support up to four telephone connections. VoIP Analog Phone  
Adapter integrates legacy Phones and Fax machines into a UCC Environment.  
High-quality voice and reliable fax over any IP network. All-IP does not end  
when analog terminals have to be integrated. Security and quality guaranteed."

Due to an error in the authorization mechanism and improper input validation,  
the device allows unauthenticated adversaries to execute OS commands via  
the web interface.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

SySS GmbH found an unauthenticated OS command injection vulnerability in  
SmartNode 200 (SN200) devices.

The SN200 devices offer a "Network Diagnostic Commands" feature to  
administrative users. This feature is designed to execute network diagnostic  
commands like ping. However, as SySS GmbH discovered, the feature can be  
used to execute arbitrary system commands.  
Furthermore, a flaw in the authorization mechanism was found. This issue allows  
unauthenticated adversaries to execute system commands via the affected feature.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

The following HTTP request shows how the system command "id" is executed  
on the device:

===  
POST /rest/xxxxxxxxxxxxxxx/xxxxxxx?executeAsync HTTP/1.1  
Cookie: AuthToken=; AuthGroup=superuser; UserName=admin  
[... shortened ...]  
Connection: close

{"cmd":"/usr/bin/id","arguments":[]}  
===

The following output from the web interface shows that the command has  
been executed:

===  
*** Command started ***  
[... shortened ...]  
uid=0(root) gid=0(root)

PING 127.0.0.1 (127.0.0.1): 56 data bytes  
64 bytes from 127.0.0.1: seq=0 ttl=64 time=1.025 ms  
64 bytes from 127.0.0.1: seq=1 ttl=64 time=1.781 ms

*** Command completed ***  
===

Especially noteworthy is that an empty cookie "AuthToken" can be used in  
order to bypass the authorization checks.

Since the vulnerability is still active, parts of the PoC have been redacted.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

A patch for this issue is not yet available. Therefore, it is recommended to  
disable the vulnerable "Network Diagnostic Commands" feature if possible.  
Furthermore, it is advised to block network access to the HTTP interface  
either on the device directly or via firewall.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2023-06-28: Vulnerability discovered  
2023-07-05: Vulnerability reported to manufacturer  
2023-08-28: Public disclosure of vulnerability  
2023-10-13: Vulnerability confirmation on the newly released update 3.22.0-23083

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for SmartNode SN200  
     https://www.patton.com/voip-gateway/sn200/  
[2] OWASP OS Command Injection Defense Cheat Sheet  
     https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html  
[3] SySS Responsible Disclosure Policy  
     https://www.syss.de/en/responsible-disclosure-policy  
[4] SySS Security Advisory SYSS-2023-019  
     https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-019.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Maurizio Ruchay of SySS GmbH.

E-Mail: maurizio.ruchay@syss.de  
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Maurizio_Ruchay.asc  
Key ID: 0xEDA7235FA5478A8C  
Key Fingerprint: 9AA6 D02F C74F 3EDE C1CE  AE51 EDA7 235F A547 8A8C

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS Web  
site.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL: https://creativecommons.org/licenses/by/3.0/deed.en

SmartNode SN200 3.21.2-23021 OS Command Injection

Red Hat Security Advisory 2023-7512-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7512.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2023:7512-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7512  
Issue date:         2023-11-27  
Revision:           01  
CVE Names:          CVE-2023-6204  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.5.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)

* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)

* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)

* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)

* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)

* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6204

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250896  
https://bugzilla.redhat.com/show_bug.cgi?id=2250897  
https://bugzilla.redhat.com/show_bug.cgi?id=2250898  
https://bugzilla.redhat.com/show_bug.cgi?id=2250899  
https://bugzilla.redhat.com/show_bug.cgi?id=2250900  
https://bugzilla.redhat.com/show_bug.cgi?id=2250901  
https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Red Hat Security Advisory 2023-7512-01

Red Hat Security Advisory 2023-7511-01 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7511.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2023:7511-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7511  
Issue date:         2023-11-27  
Revision:           01  
CVE Names:          CVE-2023-6204  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.5.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)

* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)

* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)

* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)

* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)

* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6204

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250896  
https://bugzilla.redhat.com/show_bug.cgi?id=2250897  
https://bugzilla.redhat.com/show_bug.cgi?id=2250898  
https://bugzilla.redhat.com/show_bug.cgi?id=2250899  
https://bugzilla.redhat.com/show_bug.cgi?id=2250900  
https://bugzilla.redhat.com/show_bug.cgi?id=2250901  
https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Red Hat Security Advisory 2023-7511-01

Red Hat Security Advisory 2023-7510-01 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7510.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2023:7510-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7510  
Issue date:         2023-11-27  
Revision:           01  
CVE Names:          CVE-2023-6204  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.5.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)

* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)

* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)

* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)

* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)

* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6204

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250896  
https://bugzilla.redhat.com/show_bug.cgi?id=2250897  
https://bugzilla.redhat.com/show_bug.cgi?id=2250898  
https://bugzilla.redhat.com/show_bug.cgi?id=2250899  
https://bugzilla.redhat.com/show_bug.cgi?id=2250900  
https://bugzilla.redhat.com/show_bug.cgi?id=2250901  
https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Red Hat Security Advisory 2023-7510-01

Red Hat Security Advisory 2023-7509-01 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7509.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2023:7509-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7509  
Issue date:         2023-11-27  
Revision:           01  
CVE Names:          CVE-2023-6204  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.5.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)

* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)

* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)

* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)

* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)

* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6204

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250896  
https://bugzilla.redhat.com/show_bug.cgi?id=2250897  
https://bugzilla.redhat.com/show_bug.cgi?id=2250898  
https://bugzilla.redhat.com/show_bug.cgi?id=2250899  
https://bugzilla.redhat.com/show_bug.cgi?id=2250900  
https://bugzilla.redhat.com/show_bug.cgi?id=2250901  
https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Red Hat Security Advisory 2023-7509-01

Red Hat Security Advisory 2023-7508-01 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7508.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2023:7508-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7508  
Issue date:         2023-11-27  
Revision:           01  
CVE Names:          CVE-2023-6204  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.5.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)

* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)

* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)

* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)

* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)

* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6204

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250896  
https://bugzilla.redhat.com/show_bug.cgi?id=2250897  
https://bugzilla.redhat.com/show_bug.cgi?id=2250898  
https://bugzilla.redhat.com/show_bug.cgi?id=2250899  
https://bugzilla.redhat.com/show_bug.cgi?id=2250900  
https://bugzilla.redhat.com/show_bug.cgi?id=2250901  
https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Tag

#web