David Klein

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 131 Firefox ESR versions prior to 128.3 Firefox ESR versions prior to 115.16 Thunderbird versions prior to 128.3 Thunderbird versions prior to 131 **Description** The issue is related to a flaw in the CORS mechanism of Mozilla Firefox, Firefox ESR, and the Thunderbird email client, specifically an error in source data confirmation. This could allow a remote attacker to bypass security restrictions, potentially leading to the arbitrary loading of cross-origin pages. **Recommendations** For Firefox versions prior to 131, update to version 131 or later. For Firefox ESR versions prior to 128.3, update to version 128.3 or later. For Firefox ESR versions prior to 115.16, update to version 115.16 or later. For Thunderbird versions prior to 128.3, update to version 128.3 or later. For Thunderbird versions prior to 131, update to version 131 or later.

**Name of the Vulnerable Software and Affected Versions** TYPO3 HTML Sanitizer versions 1.0.0 through 1.5.1 TYPO3 HTML Sanitizer versions 1.0.0 through 2.1.2 **Description** The issue arises from an encoding problem in the serialization layer of TYPO3 HTML Sanitizer, allowing malicious markup nested in a `noscript` element to bypass the cross-site scripting mechanism. The `noscript` element is disabled by default but may be enabled in custom configurations. This enables the bypassing of the cross-site scripting protection provided by TYPO3 HTML Sanitizer. **Recommendations** Update to version 1.5.1 or 2.1.2 to fix the issue. As a temporary workaround, consider disabling the `noscript` element in custom configurations until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Sanitize versions 5.0.0 through 6.0.1 **Description** Sanitize is an allowlist-based HTML and CSS sanitizer. When configured with a custom allowlist that allows `noscript` elements, attackers can include arbitrary HTML, resulting in cross-site scripting or other undesired behavior when that HTML is rendered in a browser. The default configurations do not allow `noscript` elements and are not vulnerable. This issue only affects users who are using a custom config that adds `noscript` to the element allowlist. **Recommendations** For Sanitize versions 5.0.0 through 6.0.1, upgrade to version 6.0.1 or later to resolve the issue. As a temporary workaround, consider using one of Sanitize's default configs or ensuring that your custom config does not include `noscript` in the element allowlist.

**Name of the Vulnerable Software and Affected Versions** typo3/html-sanitizer versions prior to 1.5.0 or 2.1.1 **Description** The HTML sanitizer is written in PHP and aims to provide XSS-safe markup based on explicitly allowed tags, attributes, and values. However, due to a parsing issue in the upstream package masterminds/html5, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. The upstream package masterminds/html5 provides HTML raw text elements (`script`, `style`, `noframes`, `noembed`, and `iframe`) as DOMText nodes, which were not processed and sanitized further. Only custom behaviors using one of those tag names were vulnerable to cross-site scripting. **Recommendations** Update to version 1.5.0 or 2.1.1 to fix the issue. As a temporary workaround, consider disabling custom behaviors that use the `script`, `style`, `noframes`, `noembed`, or `iframe` tag names until a patch is available. Restrict access to the vulnerable masterminds/html5 package to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** typo3/html-sanitizer versions prior to 1.0.7 typo3/html-sanitizer versions prior to 2.0.16 **Description** The typo3/html-sanitizer package, an HTML sanitizer written in PHP, has a parsing issue due to the upstream package `masterminds/html5`. This issue allows malicious markup used in a sequence with special HTML comments to bypass the cross-site scripting mechanism. **Recommendations** For versions prior to 1.0.7, update to version 1.0.7 to resolve the issue. For versions prior to 2.0.16, update to version 2.0.16 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Telepresence System Integrator C Series versions 4.x before 4.2.0 **Description** The issue is related to a buffer overflow in the cuil component, allowing remote authenticated users to cause a denial of service, such as endpoint reboot or process crash, or possibly execute arbitrary code. This can be achieved by sending a long location parameter to the `getxml` program. **Recommendations** For versions 4.x before 4.2.0, update to version 4.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `getxml` program to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs versions prior to TC 4.0.0 or F9.1 **Description** The issue allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061. **Recommendations** For versions prior to TC 4.0.0, update to TC 4.0.0 or later to resolve the issue. For versions prior to F9.1, update to F9.1 or later to resolve the issue. As a temporary workaround, consider restricting access to ports 5060 and 5061 to minimize the risk of exploitation.