Multiple Mozilla Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-10466 CVSS:7.5

Mozilla Firefox is vulnerable to a denial of service. By sending a specially crafted push message, a remote attacker could exploit this vulnerability to hang the parent process, causing the browser to become unresponsive.

CVE-2024-11159 CVSS:6.5

Mozilla Thunderbird could allow a remote attacker to obtain sensitive information, caused by an error when using remote content in OpenPGP encrypted messages. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to lead to the disclosure of plaintext.

Impact

Denial of Service
Information Disclosure

Indicators of Compromise

CVE

CVE-2024-10466
CVE-2024-11159

Affected Vendors

Mozilla

Affected Products

Mozilla Firefox 131
Mozilla Firefox ESR 128.3
Mozilla Thunderbird - 131
Mozilla Thunderbird - 128.4.2
Mozilla Thunderbird - 132.0.0
Mozilla Thunderbird - unspecified

Remediation

Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-10466

CVE-2024-11159

Cisco Alerts of Decade-Old ASA WebVPN Vulnerability Exploitation

Multiple GitLab Community Edition and Enterprise Edition Vulnerabilities

Multiple Mozilla Products Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan