(CVE-2023-28163) - Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. Other versions of Firefox are unaffected. This bug only affects Firefox on Windows. (CVE-2023-28162) - When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user.
This could have led to a potentially exploitable crash. (CVE-2023-25752) - While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This may have lead future code to be incorrect and vulnerable. (CVE-2023-25751) - When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This could lead to a potentially exploitable crash. Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-075-01 advisory. Description The version of mozilla-thunderbird installed on the remote host is prior to 102.9.0. Synopsis The remote Slackware Linux host is missing a security update to mozilla-thunderbird.
0 kommentar(er)
