Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, clickjacking, spoofing or information leaks.
Yearly Archives: 2023
DSA-5534 xorg-server – security update
Jan-Niklas Sohn discovered several vulnerabilities in the Xorg X server,
which may result in privilege escalation if the X server is running
privileged.
A Vulnerability in ChromeOS Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in ChromeOS which could allow for arbitrary code execution. ChromeOS is a Linux-based operating system developed and designed by Google. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Spanish police make 34 arrests, dismantling cybercriminal gang that stole 4 million people’s data
Spanish police have arrested 34 suspected members of a criminal gang that are alleged to have run a variety of scams to steal data from over four million people.
Law enforcement agents across the country took part in 16 searches that not only seized electronic equipment and computer databases, four expensive vehicles, and $80,000 Euros but also confiscated a baseball bat, a katana, and two firearms.
Read more in my article on the Hot for Security blog.
Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is an email client.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
firefox-119.0-1.fc38
FEDORA-2023-7cdf31bb36
Packages in this update:
firefox-119.0-1.fc38
Update description:
Update to latest upstream (119.0)
firefox-119.0-1.fc37
FEDORA-2023-4e191bea36
Packages in this update:
firefox-119.0-1.fc37
Update description:
Update to latest upstream (119.0)
USN-6451-1: ncurses vulnerability
It was discovered that ncurses could be made to read out of bounds.
An attacker could possibly use this issue to cause a denial of service.
Hardened Windows Desktop OSes Debut on Azure Marketplace!
CIS has released Hardened Images for Microsoft Windows 10 and 11 on the Azure Marketplace. Here’s what this means for your cloud security needs.
USN-6450-1: OpenSSL vulnerabilities
Tony Battersby discovered that OpenSSL incorrectly handled key and
initialization vector (IV) lengths. This could lead to truncation issues
and result in loss of confidentiality for some symmetric cipher modes.
(CVE-2023-5363)
Juerg Wullschleger discovered that OpenSSL incorrectly handled the AES-SIV
cipher. This could lead to empty data entries being ignored, resulting in
certain applications being misled. This issue only affected Ubuntu 22.04
LTS and Ubuntu 23.04. (CVE-2023-2975)
It was discovered that OpenSSL incorrectly handled checking excessively
long DH keys or parameters. A remote attacker could possibly use this issue
to cause OpenSSL to consume resources, leading to a denial of service. This
issue only affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-3446,
CVE-2023-3817)