#js

Red Hat Security Advisory 2024-3339-03 - An update for glibc is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow, null pointer, and out of bounds write vulnerabilities.

Red Hat Security Advisory 2024-3338-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-3325-03 - An update for pcp is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Security Advisory 2024-3324-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2024-3323-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-3322-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-3321-03 - An update for pcp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Non IE browsers don’t appear to be affected, but I haven’t tested a wide range of browsers to be sure Requests that come through from IE do NOT appear to encode all entities in the URL string, meaning they are inserted into output content directly by SSViewer::process() when rewriting hashlinks, as it directly outputs $_SERVER[‘REQUEST_URI’] **Example IE8 request** 127.0.0.1 - - [18/Jun/2014:14:13:42 +1000] “GET /site/cars/brands/toyota?one=1\”onmouseover=\”alert(‘things’);\” HTTP/1.1” 200 **Example FF request** 127.0.0.1 - - [18/Jun/2014:14:14:22 +1000] “GET /site/cars/brands/toyota?one=1\%22onmouseover=\%22alert(%27things%27);\%22 HTTP/1.1” 200 This causes any hash anchor to have the JS code inserted into the page as-is.

By Waqas Unfading Sea Haze's modus operandi spans over five years, with evidence dating back to 2018, reveals Bitdefender Labs' investigation. This is a post from HackRead.com Read the original post: New APT Group “Unfading Sea Haze” Hits Military Targets in South China Sea

Ubuntu Security Notice 6782-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Thomas Rinsma discovered that Thunderbird did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js.