#firefox

CSZCMS version 1.3.0 suffers from a remote SQL injection vulnerability in the admin flows.

Chrome version 121 suffers from a javascript fork malloc vulnerability that indicates memory corruption upon crash.

Debian Linux Security Advisory 5606-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, phishing, clickjacking, privilege escalation, HSTS bypass or bypass of content security policies.

Russian state-sponsored actor Coldriver uses spear phishing attacks to install the Spica backdoor on victim systems.

Firefox version 121 and Chrome version 120 may both suffer from a minor denial of service issue with file downloads.

Ubuntu Security Notice 6562-2 - USN-6562-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. DoHyun Lee discovered that Firefox did not properly manage memory when used on systems with the Mesa VM driver. An attacker could potentially exploit this issue to execute arbitrary code. George Pantela and Hubert Kario discovered that Firefox using multiple NSS NIST curves which were susceptible to a side-channel attack known as "Minerva". An attacker could potentially exploit this issue to obtain sensitive information. Andrew Osmond discovered that Firefox did not properly validate the textures produced by remote decoders. An attacker could potentially exploit this issue...

AdvantechWeb/SCADA version 9.1.5U suffers from a post authentication remote SQL injection vulnerability.

By Owais Sultan The web extension, patented in the U.S. and U.K., is now available for pre-order in a limited, pre-sale event. This is a post from HackRead.com Read the original post: Cyqur Launches A Game-Changing Data Encryption and Fragmentation Web Extension

Gentoo Linux Security Advisory 202401-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. Versions greater than or equal to 115.6.0:esr are affected.

The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal," Uptycs security researchers Karthick Kumar and Shilpesh Trivedi said in