Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU75874
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2023-32205
CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can obscure browser prompts and perform a spoofing attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Red Hat Enterprise Linux for ARM 64: 8
Red Hat Enterprise Linux for Power, little endian: 8
Red Hat Enterprise Linux for IBM z Systems: 8
Red Hat Enterprise Linux for x86_64: 8.0
firefox (Red Hat package): before 102.11.0-2.el8_7
CPE2.3
External links
http://access.redhat.com/errata/RHSA-2023:3220
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU75875
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2023-32206
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the RLBox Expat driver. A remote attacker can trick the victim into opening a specially crafted website, trigger an out-of-bounds read error and crash the browser.