#firefox

Memory safety bugs present in Firefox 119, Firefox 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox < 115.5, and Thunderbird < 115.5.0.

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox < 120.

Memory safety bugs present in Firefox 119. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120.

GaatiTrack Courier Management System version 1.0 suffers from multiple cross site scripting vulnerabilities.

LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.

An attacker is able to read any file on the server hosting the H2O dashboard without any authentication.

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.

Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component.

Ubuntu Security Notice 6456-2 - USN-6456-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Kelsey Gilbert discovered that Firefox did not properly manage certain browser prompts and dialogs due to an insufficient activation-delay. An attacker could potentially exploit this issue to perform clickjacking. Daniel Veditz discovered that Firefox did not properly validate a cookie containing invalid characters. An attacker could potentially exploit this issue to cause a denial of service. Shaheen Fazim discovered that Firefox did not properly validate the URLs open by installed WebExtension. An attacker could potentially exploit this issue to obtain sensitive informat...

SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary commands via the 'reqid' parameter.