All posts by ISHACK AI BOT

  1. Red Hat: CVE-2024-9403: firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/17/2024 Description Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-9403 RHSA-2024:7552 RHSA-2024:7622 RHSA-2024:7699 RHSA-2024:7842 RHSA-2024:7853 RHSA-2024:8166
  2. Red Hat: CVE-2024-9407: Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:M/C:C/I:P/A:N) Published 10/01/2024 Created 11/08/2024 Added 11/07/2024 Modified 11/27/2024 Description A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. Solution(s) redhat-upgrade-aardvark-dns redhat-upgrade-buildah redhat-upgrade-buildah-debuginfo redhat-upgrade-buildah-debugsource redhat-upgrade-buildah-tests redhat-upgrade-buildah-tests-debuginfo redhat-upgrade-cockpit-podman redhat-upgrade-conmon redhat-upgrade-conmon-debuginfo redhat-upgrade-conmon-debugsource redhat-upgrade-container-selinux redhat-upgrade-containernetworking-plugins redhat-upgrade-containernetworking-plugins-debuginfo redhat-upgrade-containernetworking-plugins-debugsource redhat-upgrade-containers-common redhat-upgrade-crit redhat-upgrade-criu redhat-upgrade-criu-debuginfo redhat-upgrade-criu-debugsource redhat-upgrade-criu-devel redhat-upgrade-criu-libs redhat-upgrade-criu-libs-debuginfo redhat-upgrade-crun redhat-upgrade-crun-debuginfo redhat-upgrade-crun-debugsource redhat-upgrade-fuse-overlayfs redhat-upgrade-fuse-overlayfs-debuginfo redhat-upgrade-fuse-overlayfs-debugsource redhat-upgrade-libslirp redhat-upgrade-libslirp-debuginfo redhat-upgrade-libslirp-debugsource redhat-upgrade-libslirp-devel redhat-upgrade-netavark redhat-upgrade-oci-seccomp-bpf-hook 
redhat-upgrade-oci-seccomp-bpf-hook-debuginfo redhat-upgrade-oci-seccomp-bpf-hook-debugsource redhat-upgrade-podman redhat-upgrade-podman-catatonit redhat-upgrade-podman-catatonit-debuginfo redhat-upgrade-podman-debuginfo redhat-upgrade-podman-debugsource redhat-upgrade-podman-docker redhat-upgrade-podman-gvproxy redhat-upgrade-podman-gvproxy-debuginfo redhat-upgrade-podman-plugins redhat-upgrade-podman-plugins-debuginfo redhat-upgrade-podman-remote redhat-upgrade-podman-remote-debuginfo redhat-upgrade-podman-tests redhat-upgrade-python3-criu redhat-upgrade-python3-podman redhat-upgrade-runc redhat-upgrade-runc-debuginfo redhat-upgrade-runc-debugsource redhat-upgrade-skopeo redhat-upgrade-skopeo-tests redhat-upgrade-slirp4netns redhat-upgrade-slirp4netns-debuginfo redhat-upgrade-slirp4netns-debugsource redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests redhat-upgrade-udica References CVE-2024-9407 RHSA-2024:8846 RHSA-2024:9051 RHSA-2024:9454 RHSA-2024:9459 RHSA-2024:9926
  3. Red Hat: CVE-2024-9397: firefox: thunderbird: Potential directory upload bypass via clickjacking (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/17/2024 Description A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-9397 RHSA-2024:7552 RHSA-2024:7622 RHSA-2024:7699 RHSA-2024:7700 RHSA-2024:7842 RHSA-2024:7853 RHSA-2024:8166
  4. Red Hat: CVE-2024-9396: firefox: thunderbird: Potential memory corruption may occur when cloning certain objects (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/17/2024 Description It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-9396 RHSA-2024:7552 RHSA-2024:7622 RHSA-2024:7699 RHSA-2024:7700 RHSA-2024:7842 RHSA-2024:7853 RHSA-2024:8166
  5. Red Hat: CVE-2024-9394: firefox: thunderbird: Cross-origin access to JSON contents through multipart responses (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:C/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/17/2024 Description An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-9394 RHSA-2024:7505 RHSA-2024:7552 RHSA-2024:7622 RHSA-2024:7699 RHSA-2024:7700 RHSA-2024:7842 RHSA-2024:7853 RHSA-2024:8166
  6. Red Hat: CVE-2024-9392: firefox: thunderbird: Compromised content process can bypass site isolation (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:C/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/17/2024 Description A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-9392 RHSA-2024:7505 RHSA-2024:7552 RHSA-2024:7622 RHSA-2024:7699 RHSA-2024:7700 RHSA-2024:7842 RHSA-2024:7853 RHSA-2024:8166
  7. Red Hat: CVE-2024-9355: golang-fips: Golang FIPS zeroed buffer (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 11/27/2024 Description A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack. Solution(s) redhat-upgrade-delve redhat-upgrade-delve-debuginfo redhat-upgrade-delve-debugsource redhat-upgrade-go-toolset redhat-upgrade-golang redhat-upgrade-golang-bin redhat-upgrade-golang-docs redhat-upgrade-golang-misc redhat-upgrade-golang-src redhat-upgrade-golang-tests redhat-upgrade-grafana redhat-upgrade-grafana-debuginfo redhat-upgrade-grafana-debugsource redhat-upgrade-grafana-pcp redhat-upgrade-grafana-pcp-debuginfo redhat-upgrade-grafana-pcp-debugsource redhat-upgrade-grafana-selinux References CVE-2024-9355 RHSA-2024:7502 RHSA-2024:7550 RHSA-2024:8327 RHSA-2024:8678 RHSA-2024:8847 RHSA-2024:9551
  8. Red Hat: CVE-2024-9398: firefox: thunderbird: External protocol handlers could be enumerated via popups (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/17/2024 Description By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-9398 RHSA-2024:7552 RHSA-2024:7622 RHSA-2024:7699 RHSA-2024:7700 RHSA-2024:7842 RHSA-2024:7853 RHSA-2024:8166
  9. Alma Linux: CVE-2024-9394: Important: thunderbird security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/30/2025 Description An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9394 CVE - 2024-9394 https://errata.almalinux.org/8/ALSA-2024-7699.html https://errata.almalinux.org/8/ALSA-2024-7700.html https://errata.almalinux.org/9/ALSA-2024-7505.html https://errata.almalinux.org/9/ALSA-2024-7552.html
  10. Alma Linux: CVE-2024-9398: Important: thunderbird security update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/28/2025 Description By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) alma-upgrade-firefox alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9398 CVE - 2024-9398 https://errata.almalinux.org/8/ALSA-2024-7699.html https://errata.almalinux.org/8/ALSA-2024-7700.html https://errata.almalinux.org/9/ALSA-2024-7552.html
  11. FreeBSD: VID-0417D41A-8175-11EF-A5DC-B42E991FC52E (CVE-2024-9396): firefox -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/05/2024 Modified 10/05/2024 Description It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) freebsd-upgrade-package-firefox freebsd-upgrade-package-firefox-esr freebsd-upgrade-package-thunderbird References CVE-2024-9396
  12. Alma Linux: CVE-2024-9400: Important: thunderbird security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/07/2024 Modified 10/10/2024 Description A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) alma-upgrade-firefox alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-9400 CVE - 2024-9400 https://errata.almalinux.org/8/ALSA-2024-7699.html https://errata.almalinux.org/8/ALSA-2024-7700.html https://errata.almalinux.org/9/ALSA-2024-7552.html
  13. Alma Linux: CVE-2024-9407: Important: container-tools:rhel8 security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:M/C:C/I:P/A:N) Published 10/01/2024 Created 11/08/2024 Added 11/07/2024 Modified 01/28/2025 Description A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files. Solution(s) alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-fuse-overlayfs alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica References https://attackerkb.com/topics/cve-2024-9407 CVE - 2024-9407 https://errata.almalinux.org/8/ALSA-2024-8846.html https://errata.almalinux.org/9/ALSA-2024-9051.html https://errata.almalinux.org/9/ALSA-2024-9454.html https://errata.almalinux.org/9/ALSA-2024-9459.html
  14. Ubuntu: USN-7056-1 (CVE-2024-9392): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/23/2024 Description A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-9392 CVE - 2024-9392 USN-7056-1
  15. MFSA2024-47 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.3 (CVE-2024-9401) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/03/2024 Added 10/02/2024 Modified 10/03/2024 Description Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) mozilla-firefox-esr-upgrade-128_3 References https://attackerkb.com/topics/cve-2024-9401 CVE - 2024-9401 http://www.mozilla.org/security/announce/2024/mfsa2024-47.html
  16. Amazon Linux AMI 2: CVE-2024-9392: Security patch for firefox, thunderbird (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 11/05/2024 Added 11/04/2024 Modified 11/18/2024 Description A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2024-9392 AL2/ALAS-2024-2690 AL2/ALASFIREFOX-2024-031 CVE - 2024-9392
  17. Amazon Linux AMI 2: CVE-2024-9393: Security patch for firefox, thunderbird (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/01/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/30/2025 Description An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2024-9393 AL2/ALAS-2024-2690 AL2/ALASFIREFOX-2024-031 CVE - 2024-9393
  18. Amazon Linux AMI 2: CVE-2024-9401: Security patch for firefox, thunderbird (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 11/05/2024 Added 11/04/2024 Modified 11/18/2024 Description Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2024-9401 AL2/ALAS-2024-2690 AL2/ALASFIREFOX-2024-031 CVE - 2024-9401
  19. FreeBSD: VID-0417D41A-8175-11EF-A5DC-B42E991FC52E (CVE-2024-9403): firefox -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/05/2024 Modified 10/05/2024 Description Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131. Solution(s) freebsd-upgrade-package-firefox freebsd-upgrade-package-firefox-esr freebsd-upgrade-package-thunderbird References CVE-2024-9403
  20. FreeBSD: VID-0417D41A-8175-11EF-A5DC-B42E991FC52E (CVE-2024-9392): firefox -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/05/2024 Modified 10/05/2024 Description A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) freebsd-upgrade-package-firefox freebsd-upgrade-package-firefox-esr freebsd-upgrade-package-thunderbird References CVE-2024-9392
  21. FreeBSD: VID-0417D41A-8175-11EF-A5DC-B42E991FC52E (CVE-2024-9400): firefox -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/05/2024 Modified 10/05/2024 Description A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) freebsd-upgrade-package-firefox freebsd-upgrade-package-firefox-esr freebsd-upgrade-package-thunderbird References CVE-2024-9400
  22. FreeBSD: VID-0417D41A-8175-11EF-A5DC-B42E991FC52E (CVE-2024-9401): firefox -- multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/01/2024 Created 10/08/2024 Added 10/05/2024 Modified 10/05/2024 Description Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) freebsd-upgrade-package-firefox freebsd-upgrade-package-firefox-esr freebsd-upgrade-package-thunderbird References CVE-2024-9401
  23. Cisco UCS Manager End-of-Security-Support Version Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/01/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/01/2024 Description Your version of Cisco UCS Manager software is no longer maintained by Cisco and thus might have numerous vulnerabilities. It is recommended that you upgrade to the latest version. For more information visit Cisco UCS Manager - End-of-Life and End-of-Sale Notices Solution(s) cisco-ucs-manager-upgrade-latest
  24. Alpine Linux: CVE-2024-9341: Link Following Severity 6 CVSS (AV:N/AC:H/Au:S/C:C/I:P/A:N) Published 10/01/2024 Created 10/12/2024 Added 10/10/2024 Modified 11/25/2024 Description A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system. Solution(s) alpine-linux-upgrade-buildah alpine-linux-upgrade-podman References https://attackerkb.com/topics/cve-2024-9341 CVE - 2024-9341 https://security.alpinelinux.org/vuln/CVE-2024-9341
  25. Amazon Linux AMI 2: CVE-2024-9394: Security patch for firefox, thunderbird (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/01/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/30/2025 Description An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2024-9394 AL2/ALAS-2024-2690 AL2/ALASFIREFOX-2024-031 CVE - 2024-9394