CyberAlerts

CVE-2024-11696

Description: The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2024-11695

Description: A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.

CVSS: MEDIUM (5.4)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2023-2834

Description: The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.

CVSS: CRITICAL (9.8)

EPSS Score: 0.05%

Source: CVE

November 27th, 2024 (5 months ago)

CVE-2023-27469

Description: Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a '\0' character.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

November 27th, 2024 (5 months ago)