ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Vulnerabilities deemed not relevant on Alma Linux 9 Severity 1 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:N) Published 11/26/2024 Created 11/28/2024 Added 11/26/2024 Modified 11/26/2024 Description This is a placeholder for all CVEs that are not relevant for one reason or another on Alma Linux 9. Oftentimes Alma Linux makes this determination because the affected software was shipped, built or configured in a manner that made it invulnerable to a given vulnerability. Solution(s) References https://attackerkb.com/topics/cve-2019-0211 CVE - 2019-0211
  2. VMware Photon OS: CVE-2024-11407 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 01/30/2025 Added 01/29/2025 Modified 01/29/2025 Description There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-11407 CVE - 2024-11407
  3. Gentoo Linux: CVE-2024-11696: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/24/2025 Description The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-11696 CVE - 2024-11696 202501-10
  4. Debian: CVE-2024-36463: zabbix -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 12/10/2024 Added 12/09/2024 Modified 12/09/2024 Description The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects. Solution(s) debian-upgrade-zabbix References https://attackerkb.com/topics/cve-2024-36463 CVE - 2024-36463 DLA-3909-1
  5. Red Hat: CVE-2024-11697: firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 11/26/2024 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-11697 RHSA-2024:10591 RHSA-2024:10592 RHSA-2024:10667 RHSA-2024:10702 RHSA-2024:10710 RHSA-2024:10742 RHSA-2024:10745 RHSA-2024:10748 RHSA-2024:10752 RHSA-2024:10848
  6. Red Hat: CVE-2024-11694: firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 11/26/2024 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-11694 RHSA-2024:10591 RHSA-2024:10592 RHSA-2024:10667 RHSA-2024:10702 RHSA-2024:10710 RHSA-2024:10742 RHSA-2024:10745 RHSA-2024:10748 RHSA-2024:10752 RHSA-2024:10848
  7. Gentoo Linux: CVE-2024-11701: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/24/2025 Description The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-11701 CVE - 2024-11701 202501-10
  8. Red Hat: CVE-2024-11699: firefox: thunderbird: Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/26/2024 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-11699 RHSA-2024:10591 RHSA-2024:10592 RHSA-2024:10667 RHSA-2024:10702 RHSA-2024:10710 RHSA-2024:10742 RHSA-2024:10745 RHSA-2024:10748 RHSA-2024:10752 RHSA-2024:10848
  9. Red Hat: CVE-2024-11695: firefox: thunderbird: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 11/26/2024 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-11695 RHSA-2024:10591 RHSA-2024:10592 RHSA-2024:10667 RHSA-2024:10702 RHSA-2024:10710 RHSA-2024:10742 RHSA-2024:10745 RHSA-2024:10748 RHSA-2024:10752 RHSA-2024:10848
  10. Debian: CVE-2024-11695: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-11695 CVE - 2024-11695 DLA-3969-1 DLA-3971-1 DSA-5820-1 DSA-5821-1
  11. MFSA2024-64 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.5 (CVE-2024-11693) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 11/28/2024 Added 11/27/2024 Modified 11/29/2024 Description The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) mozilla-firefox-esr-upgrade-128_5 References https://attackerkb.com/topics/cve-2024-11693 CVE - 2024-11693 http://www.mozilla.org/security/announce/2024/mfsa2024-64.html
  12. Gentoo Linux: CVE-2024-11692: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/24/2025 Description An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2024-11692 CVE - 2024-11692 202501-10
  13. Debian: CVE-2024-11704: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 02/11/2025 Added 02/07/2025 Modified 02/10/2025 Description A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-11704 CVE - 2024-11704 DSA-5858-1
  14. Debian: CVE-2024-11692: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-11692 CVE - 2024-11692 DLA-3969-1 DLA-3971-1 DSA-5820-1 DSA-5821-1
  15. Debian: CVE-2024-11696: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 12/03/2024 Added 12/02/2024 Modified 12/02/2024 Description The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-11696 CVE - 2024-11696 DLA-3969-1 DLA-3971-1 DSA-5820-1 DSA-5821-1
  16. Ubuntu: USN-7134-1 (CVE-2024-11699): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 12/05/2024 Added 12/04/2024 Modified 12/04/2024 Description Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-11699 CVE - 2024-11699 USN-7134-1
  17. SUSE: CVE-2024-11699: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 01/10/2025 Added 01/09/2025 Modified 01/09/2025 Description Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-11699 CVE - 2024-11699
  18. Ubuntu: (CVE-2024-11691): thunderbird vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 01/21/2025 Added 01/20/2025 Modified 01/20/2025 Description Certain WebGL operations on Apple silicon M series devices could have led to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18. Solution(s) ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-11691 CVE - 2024-11691 https://bugzilla.mozilla.org/show_bug.cgi?id=1914707 https://bugzilla.mozilla.org/show_bug.cgi?id=1924184 https://www.cve.org/CVERecord?id=CVE-2024-11691 https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/#CVE-2024-11691 https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/#CVE-2024-11691 https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/#CVE-2024-11691 https://www.mozilla.org/security/advisories/mfsa2024-63/ https://www.mozilla.org/security/advisories/mfsa2024-64/ https://www.mozilla.org/security/advisories/mfsa2024-65/ https://www.mozilla.org/security/advisories/mfsa2024-67/ https://www.mozilla.org/security/advisories/mfsa2024-68/
  19. Ubuntu: USN-7134-1 (CVE-2024-11705): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 12/05/2024 Added 12/04/2024 Modified 12/04/2024 Description `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-11705 CVE - 2024-11705 USN-7134-1
  20. SUSE: CVE-2024-11696: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 01/04/2025 Added 01/03/2025 Modified 01/03/2025 Description The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-11696 CVE - 2024-11696
  21. SUSE: CVE-2024-11695: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 01/04/2025 Added 01/03/2025 Modified 01/03/2025 Description A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2024-11695 CVE - 2024-11695
  22. MFSA2024-67 Thunderbird: Security Vulnerabilities fixed in Thunderbird 133 (CVE-2024-11700) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 11/28/2024 Added 11/27/2024 Modified 12/04/2024 Description Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133. Solution(s) mozilla-thunderbird-upgrade-133_0 References https://attackerkb.com/topics/cve-2024-11700 CVE - 2024-11700 http://www.mozilla.org/security/announce/2024/mfsa2024-67.html
  23. MFSA2024-68 Thunderbird: Security Vulnerabilities fixed in Thunderbird 128.5 (CVE-2024-11695) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 11/28/2024 Added 11/27/2024 Modified 02/14/2025 Description A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. Solution(s) mozilla-thunderbird-upgrade-128_5 References https://attackerkb.com/topics/cve-2024-11695 CVE - 2024-11695 http://www.mozilla.org/security/announce/2024/mfsa2024-68.html
  24. MFSA2024-70 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.18 (CVE-2024-11694) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 11/28/2024 Added 11/27/2024 Modified 02/14/2025 Description Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, Thunderbird < 128.5, and Thunderbird < 115.18. Solution(s) mozilla-thunderbird-upgrade-115_18 References https://attackerkb.com/topics/cve-2024-11694 CVE - 2024-11694 http://www.mozilla.org/security/announce/2024/mfsa2024-70.html
  25. MFSA2024-67 Thunderbird: Security Vulnerabilities fixed in Thunderbird 133 (CVE-2024-11708) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/26/2024 Created 11/28/2024 Added 11/27/2024 Modified 11/29/2024 Description Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133. Solution(s) mozilla-thunderbird-upgrade-133_0 References https://attackerkb.com/topics/cve-2024-11708 CVE - 2024-11708 http://www.mozilla.org/security/announce/2024/mfsa2024-67.html