

Cisco Alerts of Decade-Old ASA WebVPN Vulnerability Exploitation
December 4, 2024
Multiple GitLab Community Edition and Enterprise Edition Vulnerabilities
December 4, 2024
Cisco Alerts of Decade-Old ASA WebVPN Vulnerability Exploitation
December 4, 2024
Multiple GitLab Community Edition and Enterprise Edition Vulnerabilities
December 4, 2024Severity
High
Analysis Summary
CVE-2024-10466 CVSS:7.5
Mozilla Firefox is vulnerable to a denial of service. By sending a specially crafted push message, a remote attacker could exploit this vulnerability to hang the parent process, causing the browser to become unresponsive.
CVE-2024-11159 CVSS:6.5
Mozilla Thunderbird could allow a remote attacker to obtain sensitive information, caused by an error when using remote content in OpenPGP encrypted messages. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to lead to the disclosure of plaintext.
Impact
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-10466
- CVE-2024-11159
Affected Vendors
Affected Products
- Mozilla Firefox 131
- Mozilla Firefox ESR 128.3
- Mozilla Thunderbird - 131
- Mozilla Thunderbird - 128.4.2
- Mozilla Thunderbird - 132.0.0
- Mozilla Thunderbird - unspecified
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.