USN-6509-1: Firefox vulnerabilities

Read Time:1 Minute, 0 Second

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-6206,
CVE-2023-6210, CVE-2023-6211, CVE-2023-6212, CVE-2023-6213)

It was discovered that Firefox did not properly manage memory when
images were created on the canvas element. An attacker could potentially
exploit this issue to obtain sensitive information. (CVE-2023-6204)

It discovered that Firefox incorrectly handled certain memory when using a
MessagePort. An attacker could potentially exploit this issue to cause a
denial of service. (CVE-2023-6205)

It discovered that Firefox incorrectly did not properly manage ownership
in ReadableByteStreams. An attacker could potentially exploit this issue
to cause a denial of service. (CVE-2023-6207)

It discovered that Firefox incorrectly did not properly manage copy
operations when using Selection API in X11. An attacker could potentially
exploit this issue to obtain sensitive information. (CVE-2023-6208)

Rachmat Abdul Rokhim discovered incorrectly handled parsing of relative
URLS starting with “///”. An attacker could potentially exploit this issue
to cause a denial of service. (CVE-2023-6209)

Read More

USN-6508-1: poppler vulnerabilities

Read Time:34 Second

It was discovered that poppler incorrectly handled certain malformed PDF
files. If a user or an automated system were tricked into opening a
specially crafted PDF file, a remote attacker could possibly use this
issue to cause a denial of service. This issue only affected Ubuntu 16.04
LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-23804)

It was discovered that poppler incorrectly handled certain malformed PDF
files. If a user or an automated system were tricked into opening a
specially crafted PDF file, a remote attacker could possibly use this
issue to cause a denial of service. (CVE-2022-37050, CVE-2022-37051,
CVE-2022-37052, CVE-2022-38349)

Read More

DSA-5563-1 intel-microcode – security update

Read Time:21 Second

Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa
Milburn, Hisham Shafi, Nir Shlomovich, avis Ormandy, Daniel Moghimi,
Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela,
Doug Kwan, and Kostik Shtoyk discovered that some Intel processors
mishandle repeated sequences of instructions leading to unexpected
behavior, which may result in privilege escalation, information
disclosure or denial of service.

https://security-tracker.debian.org/tracker/DSA-5563-1

Read More