CVE-2024-2610: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability…

CVE-2024-2610 [MEDIUM] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-0743, CVE-2024-2611, CVE-2024-2614) Hubert Kario discovered that Thunderbird had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2023-5388) Gary Kwong discovered that Thunderbird incorrectly updated return registers for JIT code on Armv7-A systems. An attacker could potent

CVE-2024-2610 [MEDIUM] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-2609, CVE-2024-2611, CVE-2024-2614, CVE-2024-2615) Hubert Kario discovered that Firefox had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2023-5388) It was discovered that Firefox did not properly handle WASM register values in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-260

CVE-2024-2610 [MEDIUM] CWE-79 Mozilla: Improper handling of html and body tags enabled CSP nonce leakage Mozilla: Improper handling of html and body tags enabled CSP nonce leakage Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. The Mozilla Foundation Security Advisory describes this flaw as: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope

CVE-2024-2610 [MEDIUM] CVE-2024-2610: firefox - Using a markup injection an attacker could have stolen nonce values. This could ... Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Scope: local sid: resolved (fixed in 124.0-1)

CVE-2024-2610 [MEDIUM] Mozilla Foundation Security Advisory 2024-14: CVE-2024-2610 Mozilla Foundation Security Advisory 2024-14 CVE: CVE-2024-2610 Product: Thunderbird Impact: high Fixed in: Thunderbird 115.9

CVE-2024-2610 [MEDIUM] Mozilla Foundation Security Advisory 2024-12: CVE-2024-2610 Mozilla Foundation Security Advisory 2024-12 CVE: CVE-2024-2610 Product: Firefox Impact: critical Fixed in: Firefox 124

CVE-2024-2610 [MEDIUM] Mozilla Foundation Security Advisory 2024-13: CVE-2024-2610 Mozilla Foundation Security Advisory 2024-13 CVE: CVE-2024-2610 Product: Firefox ESR Impact: high Fixed in: Firefox ESR 115.9

CVE-2024-0743 [MEDIUM] thunderbird vulnerabilities thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-0743, CVE-2024-2611, CVE-2024-2614) Hubert Kario discovered that Thunderbird had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2023-5388) Gary Kwong discovered that Thunderbird incorrectly updated return registers for JIT code on Armv7-A systems. An attacker could potentially exploit this issue to execute arbitrary code. (CVE-2024-2607)

CVE-2024-2609 [MEDIUM] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-2609, CVE-2024-2611, CVE-2024-2614, CVE-2024-2615) Hubert Kario discovered that Firefox had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover sensitive information. (CVE-2023-5388) It was discovered that Firefox did not properly handle WASM register values in some circumstances. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-2606) Gary Kwong discovered that Firefox incorrectly updated retur

CVE-2024-2610 [MEDIUM] CVE-2024-2610: Using a markup injection an attacker could have stolen nonce values Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

CVE-2024-2610 [MEDIUM] CWE-94 GHSA-mq9m-4hg9-c34x: Using a markup injection an attacker could have stolen nonce values Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.