Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian 11 gvfs Critical FTP Command Injection and Network Probing Advisory

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4513-1
https://www.debian.org/lts/security/                   Andreas Henriksson
March 28, 2026                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gvfs
Version        : 1.46.2-2+deb11u1
CVE ID         : CVE-2026-28295 CVE-2026-28296
Debian Bug     : 1129285 1129286

Codean Labs found that gvfs, a virtual filesystem implementation, was affected by multiple vulnerabilities, including an FTP bounce attack, which could lead to probing open ports on the client network, and improper CRLF validation, which could allow an attacker to inject arbitrary FTP commands.

CVE-2026-28295

    A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the malicious server to probe for open ports accessible from the client's network.

CVE-2026-28296

    A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and inject arbitrary FTP commands, potentially leading to arbitrary code execution or other severe impacts.

For Debian 11 bullseye, these problems have been fixed in version 1.46.2-2+deb11u1.

We recommend that you upgrade your gvfs packages.

For the detailed security status of gvfs please refer to its security tracker page at: https://security-tracker.debian.org/tracker/gvfs

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Multiple vulnerabilities found in gvfs could allow remote attackers to execute FTP command injections and probe networks.

Severity: Critical.
LinuxSecurity.com Team

Mar 28, 2026 Critical Debian LTS

Mageia 7, 8: MGASA-2021-0199 High: Firefox Internal Network Threat

MGASA-2021-0199 - Updated firefox packages fix security vulnerabilities

Publication date: 29 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0199.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946

More internal network hosts could have been probed by a malicious webpage: Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine (CVE-2021-23961).

Out of bound write due to lazy initialization: A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write (CVE-2021-23994).

Use-after-free in Responsive Design Mode: When Responsive Design Mode was enabled, it used references to objects that were previously freed. We presume that with enough effort this could have been exploited to run arbitrary code (CVE-2021-23995).

Secure Lock icon could have been spoofed: Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page (CVE-2021-23998).

Blob URLs may have been granted additional privileges: If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content (CVE-2021-23999).

Arbitrary FTP command execution on FTP servers using an encoded URL: When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server (CVE-2021-24002).

Incorrect size computation in WebAssembly JIT could lead to null-reads: The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Note: This issue only affected x86-32 platforms. Other platforms are unaffected. (CVE-2021-29945).

Port blocking could be bypassed: Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypassed port blocking restrictions when used in the Alt-Svc header (CVE-2021-29946).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28822
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/
- https://access.redhat.com/errata/RHSA-2021:1360
- https://www.cve.org/CVERecord?id=CVE-2021-23961
- https://www.cve.org/CVERecord?id=CVE-2021-23994
- https://www.cve.org/CVERecord?id=CVE-2021-23995
- https://www.cve.org/CVERecord?id=CVE-2021-23998
- https://www.cve.org/CVERecord?id=CVE-2021-23999
- https://www.cve.org/CVERecord?id=CVE-2021-24002
- https://www.cve.org/CVERecord?id=CVE-2021-29945
- https://www.cve.org/CVERecord?id=CVE-2021-29946

SRPMS:
- 7/core/firefox-l10n-78.10.0-1.mga7
- 7/core/nss-3.64.0-1.mga7
- 7/core/firefox-78.10.0-1.1.mga7
- 8/core/firefox-l10n-78.10.0-1.mga8
- 8/core/nss-3.64.0-1.mga8
- 8/core/firefox-78.10.0-1.1.mga8

A critical security alert for Mageia users concerning vulnerabilities in Firefox that may endanger internal networks through potential malicious exploration.

Severity: Important.
LinuxSecurity.com Team

Apr 29, 2021 Important Mageia

SciLinux: SLSA-2021-0996-1 Moderate: Thunderbird Security Fixes

Synopsis: Important: thunderbird security update
Advisory ID: SLSA-2021:0996-1
Issue Date: 2021-03-25
CVE Numbers: CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987
--

This update upgrades Thunderbird to version 78.9.0.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)
* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)
* Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)
* Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE
--
- Scientific Linux Development Team

The recent patch for Thunderbird addresses serious issues related to memory safety and risks of network discovery. Be sure to update immediately!

Severity: Important.
LinuxSecurity.com Team

Mar 25, 2021 Important Scientific Linux

Red Hat Enterprise Linux 8.2 RHSA-2021:0989 Critical: Firefox Update

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update
Advisory ID:       RHSA-2021:0989-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0989
Issue date:        2021-03-25
CVE Names:         CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.9.0 ESR.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)
* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)
* Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)
* Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1942783 - CVE-2021-23981 Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read
1942785 - CVE-2021-23982 Mozilla: Internal network hosts could have been probed by a malicious webpage
1942786 - CVE-2021-23984 Mozilla: Malicious extensions could have spoofed popup information
1942787 - CVE-2021-23987 Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
firefox-78.9.0-1.el8_2.src.rpm

aarch64:
firefox-78.9.0-1.el8_2.aarch64.rpm
firefox-debuginfo-78.9.0-1.el8_2.aarch64.rpm
firefox-debugsource-78.9.0-1.el8_2.aarch64.rpm

ppc64le:
firefox-78.9.0-1.el8_2.ppc64le.rpm
firefox-debuginfo-78.9.0-1.el8_2.ppc64le.rpm
firefox-debugsource-78.9.0-1.el8_2.ppc64le.rpm

s390x:
firefox-78.9.0-1.el8_2.s390x.rpm
firefox-debuginfo-78.9.0-1.el8_2.s390x.rpm
firefox-debugsource-78.9.0-1.el8_2.s390x.rpm

x86_64:
firefox-78.9.0-1.el8_2.x86_64.rpm
firefox-debuginfo-78.9.0-1.el8_2.x86_64.rpm
firefox-debugsource-78.9.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23981
https://access.redhat.com/security/cve/CVE-2021-23982
https://access.redhat.com/security/cve/CVE-2021-23984
https://access.redhat.com/security/cve/CVE-2021-23987
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Important Firefox upgrade for Red Hat Enterprise Linux 8.2 tackles numerous security vulnerabilities with key updates.

Severity: Critical.
LinuxSecurity.com Team

Mar 25, 2021 Critical Red Hat

Red Hat Enterprise Linux 8: RHSA-2021-0990-01 Critical Firefox Update

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update
Advisory ID:       RHSA-2021:0990-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0990
Issue date:        2021-03-25
CVE Names:         CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.9.0 ESR.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)
* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)
* Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)
* Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1942783 - CVE-2021-23981 Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read
1942785 - CVE-2021-23982 Mozilla: Internal network hosts could have been probed by a malicious webpage
1942786 - CVE-2021-23984 Mozilla: Malicious extensions could have spoofed popup information
1942787 - CVE-2021-23987 Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
firefox-78.9.0-1.el8_3.src.rpm

aarch64:
firefox-78.9.0-1.el8_3.aarch64.rpm
firefox-debuginfo-78.9.0-1.el8_3.aarch64.rpm
firefox-debugsource-78.9.0-1.el8_3.aarch64.rpm

ppc64le:
firefox-78.9.0-1.el8_3.ppc64le.rpm
firefox-debuginfo-78.9.0-1.el8_3.ppc64le.rpm
firefox-debugsource-78.9.0-1.el8_3.ppc64le.rpm

s390x:
firefox-78.9.0-1.el8_3.s390x.rpm
firefox-debuginfo-78.9.0-1.el8_3.s390x.rpm
firefox-debugsource-78.9.0-1.el8_3.s390x.rpm

x86_64:
firefox-78.9.0-1.el8_3.x86_64.rpm
firefox-debuginfo-78.9.0-1.el8_3.x86_64.rpm
firefox-debugsource-78.9.0-1.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23981
https://access.redhat.com/security/cve/CVE-2021-23982
https://access.redhat.com/security/cve/CVE-2021-23984
https://access.redhat.com/security/cve/CVE-2021-23987
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Important security update for Mozilla Firefox on Red Hat Enterprise Linux 8 resolves various vulnerabilities. Secure your system immediately!

Severity: Critical.
LinuxSecurity.com Team

Mar 25, 2021 Critical Red Hat