Andrea Palazzo

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 68.11 **Description** The issue is related to a lack of restrictions on file uploads in Firefox ESR for Android, allowing an attacker to steal and upload local files of their choice. This could impact the confidentiality of protected information. The vulnerability can be exploited when a malicious file picker application is installed. **Recommendations** For Firefox ESR versions prior to 68.11, update to version 68.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of file picker applications in Firefox for Android until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 78.0.3904.70 **Description** The issue is related to insufficient validation of untrusted input in intents in Google Chrome on Android, which allowed a local attacker to leak files via a crafted application. It is also described as a lack of protection for service data, potentially allowing a remote attacker to gain unauthorized access to information using a specially crafted HTML page. Additionally, the vulnerability may enable malicious actors to discover the file storage and impact the system. **Recommendations** For versions prior to 78.0.3904.70, update to version 78.0.3904.70 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.44 PHP versions 5.5.x prior to 5.5.28 PHP versions 5.6.x prior to 5.6.12 **Description** The issue is related to the `make http soap request` function, which does not properly retrieve keys. This allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted serialized data representing a numerically indexed ` cookies` array. The `SoapClient:: call` method is also related to this issue. **Recommendations** For PHP versions prior to 5.4.44, update to version 5.4.44 or later. For PHP versions 5.5.x prior to 5.5.28, update to version 5.5.28 or later. For PHP versions 5.6.x prior to 5.6.12, update to version 5.6.12 or later.

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 6u101, 7u85, and 8u60 Java SE Embedded version 8u51 **Description** The issue is related to errors in the code of the Libraries subcomponent of the Java Platform. It allows remote attackers to affect confidentiality and integrity via unknown vectors. Exploitation of the issue may enable a remote attacker to gain read access to protected information using a Java Web Start application or a Java applet. **Recommendations** For Oracle Java SE versions 6u101, 7u85, and 8u60, update to a version that contains a fix for this issue. For Java SE Embedded version 8u51, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the use of Java Web Start applications and Java applets until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IcedTea-Web versions prior to 1.5.3 IcedTea-Web versions 1.6.x prior to 1.6.1 **Description** The issue allows remote attackers to inject applets into the .appletTrustSettings configuration file, bypassing user approval to execute the applet via a crafted web page. This is possibly related to line breaks in applet URLs, which are not properly sanitized. **Recommendations** For IcedTea-Web versions prior to 1.5.3, update to version 1.5.3 or later. For IcedTea-Web versions 1.6.x prior to 1.6.1, update to version 1.6.1 or later.

**Name of the Vulnerable Software and Affected Versions** IcedTea-Web versions prior to 1.5.3 IcedTea-Web versions 1.6.x prior to 1.6.1 **Description** The issue allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page, due to improper determination of the origin of unsigned applets. **Recommendations** For versions prior to 1.5.3, update to version 1.5.3 or later. For versions 1.6.x prior to 1.6.1, update to version 1.6.1 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.45 PHP versions 5.5.x prior to 5.5.29 PHP versions 5.6.x prior to 5.6.13 **Description** The issue is related to the SoapClient call method in PHP, which does not properly manage headers. This allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the `serialize function call` function. **Recommendations** For PHP versions prior to 5.4.45, update to version 5.4.45 or later. For PHP versions 5.5.x prior to 5.5.29, update to version 5.5.29 or later. For PHP versions 5.6.x prior to 5.6.13, update to version 5.6.13 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.4.39 PHP versions 5.5.x prior to 5.5.23 PHP versions 5.6.x prior to 5.6.7 **Description** The issue is related to a "type confusion" problem in the SoapClient:: call method, which does not properly verify the data type of default headers, allowing remote attackers to execute arbitrary code by providing crafted serialized data. This is a result of an error in data processing. **Recommendations** For PHP versions prior to 5.4.39, update to version 5.4.39 or later. For PHP versions 5.5.x prior to 5.5.23, update to version 5.5.23 or later. For PHP versions 5.6.x prior to 5.6.7, update to version 5.6.7 or later.