Chris Peterson

**Nome do Software Vulnerável e Versões Afetadas** Bit integrations – Form Integration, Webhook, Spreadsheets, CRM, LMS & Email Automation versões anteriores a 2.8.8 **Description** Existe um problema onde atacantes não autenticados podem realizar Server-Side Request Forgery (SSRF), uma falha que permite que um servidor seja coagido a fazer requisições para um local não pretendido. Isso pode ser usado para consultar ou modificar informações de serviços internos. O problema ocorre através da função `upload attachment`. A exploração requer que uma integração de formulário esteja configurada com um campo mapeado para uma imagem de produto WooCommerce, galeria de produtos, arquivos para download ou campo de anexo do Google Contacts. **Recommendations** Atualize para uma versão posterior a 2.8.7.

The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pull the trigger. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Exploitation requires that the admin-configured webhook URL contains a Contact Form 7 field placeholder in the host segment of the URL, and that the affected form is publicly accessible.

Nome do Software Vulnerável e Versões Afetadas: Versões do Firefox para Android anteriores à 141 Descrição: O Firefox para Android exibia URLs na barra de endereços truncando o final da URL em vez de priorizar a origem, potencialmente enganando os usuários sobre o site real que estão visitando. Recomendações: Atualize o Firefox para Android para a versão 141 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 118 Firefox ESR versions prior to 115.3 Thunderbird versions prior to 115.3 **Description** The issue is related to memory safety bugs, which have shown evidence of memory corruption. It is presumed that with enough effort, some of these bugs could be exploited to run arbitrary code. The vulnerability is also described as a buffer overflow in memory, which could allow a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 118, update to version 118 or later. For Firefox ESR versions prior to 115.3, update to version 115.3 or later. For Thunderbird versions prior to 115.3, update to version 115.3 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox for Android versions prior to 110.1.0 **Description** The issue is related to a use-after-free vulnerability in the libaudio library of Mozilla Firefox for Android. This vulnerability can be exploited by a remote attacker using a specially crafted web page, potentially allowing the execution of arbitrary code. The vulnerability is caused by the use of memory after it has been freed. **Recommendations** For Firefox for Android versions prior to 110.1.0, update to version 110.1.0 or later to resolve the issue. As a temporary workaround, consider disabling the AAudio backend when running on Android API below version 30 to minimize the risk of exploitation.

**Nome do software vulnerável e versões afetadas** Versões do Firefox anteriores à 91 **Descrição** O problema está relacionado a um estouro de buffer na memória, permitindo que um invasor remoto execute código arbitrário. Está associado a falhas de segurança na memória que apresentaram indícios de corrupção de memória, o que poderia ser potencialmente explorado. **Recomendações** Para versões anteriores à 91, atualize para a versão 91 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso a recursos confidenciais até que a atualização seja aplicada.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 53 Firefox ESR versions prior to 45.9 Firefox ESR versions prior to 52.1 Thunderbird versions prior to 52.1 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. This is due to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. **Recommendations** For Firefox versions prior to 53, update to version 53 or later. For Firefox ESR versions prior to 45.9, update to version 45.9 or later. For Firefox ESR versions prior to 52.1, update to version 52.1 or later. For Thunderbird versions prior to 52.1, update to version 52.1 or later.