Marco Squarcina

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Android versions prior to 135.0.7049.52 **Description** The issue is related to an inappropriate implementation in Custom Tabs, allowing a remote attacker to perform privilege escalation via a crafted app if the user is convinced to engage in specific UI gestures. **Recommendations** For versions prior to 135.0.7049.52, update to version 135.0.7049.52 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PHP (affected versions not specified) **Description** The issue is related to the incorrect handling of cookies by PHP applications, allowing network and same-site attackers to set a standard insecure cookie in the victim's browser, which is then treated as a Host- or Secure- cookie. This can potentially lead to session hijacking and unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 124 Firefox ESR versions prior to 115.9 Thunderbird versions prior to 115.9 **Description** The issue exists due to inadequate protection of web page structure when handling html and body tags. This could allow a remote attacker to gain unauthorized access to protected information. An attacker could use markup injection to steal nonce values, potentially bypassing strict content security policies. **Recommendations** For Firefox versions prior to 124, update to version 124 or later to resolve the issue. For Firefox ESR versions prior to 115.9, update to version 115.9 or later to resolve the issue. For Thunderbird versions prior to 115.9, update to version 115.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple tvOS versions prior to 17.4 Apple macOS Sonoma versions prior to 14.4 Apple visionOS versions prior to 1.1 Apple iOS versions prior to 17.4 Apple iPadOS versions prior to 17.4 Apple watchOS versions prior to 10.4 Apple iOS versions 16.7.6 and earlier Apple iPadOS versions 16.7.6 and earlier Apple Safari versions prior to 17.4 **Description** A logic issue was addressed with improved state management. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. **Recommendations** For Apple tvOS versions prior to 17.4, update to tvOS 17.4 or later. For Apple macOS Sonoma versions prior to 14.4, update to macOS Sonoma 14.4 or later. For Apple visionOS versions prior to 1.1, update to visionOS 1.1 or later. For Apple iOS versions prior to 17.4, update to iOS 17.4 or later. For Apple iPadOS versions prior to 17.4, update to iPadOS 17.4 or later. For Apple watchOS versions prior to 10.4, update to watchOS 10.4 or later. For Apple iOS versions 16.7.6 and earlier, update to iOS 17.4 or later. For Apple iPadOS versions 16.7.6 and earlier, update to iPadOS 17.4 or later. For Apple Safari versions prior to 17.4, update to Safari 17.4 or later.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 17.4 macOS Sonoma versions prior to 14.4 iOS versions prior to 17.4 iPadOS versions prior to 17.4 watchOS versions prior to 10.4 tvOS versions prior to 17.4 **Description** An injection issue was addressed with improved validation. A maliciously crafted webpage may be able to fingerprint the user. The issue is related to the disclosure of information and may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted webpage. **Recommendations** For Safari versions prior to 17.4, update to Safari 17.4 or later. For macOS Sonoma versions prior to 14.4, update to macOS Sonoma 14.4 or later. For iOS versions prior to 17.4, update to iOS 17.4 or later. For iPadOS versions prior to 17.4, update to iPadOS 17.4 or later. For watchOS versions prior to 10.4, update to watchOS 10.4 or later. For tvOS versions prior to 17.4, update to tvOS 17.4 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 122.0.6261.57 **Description** The issue is related to an inappropriate implementation in the Content Security Policy (CSP) mechanism of Google Chrome, allowing a remote attacker to bypass existing security restrictions using a specially crafted HTML page. This could potentially lead to security policy violations. The estimated number of affected devices and real-world incidents are not specified. **Recommendations** For Google Chrome versions prior to 122.0.6261.57, update to version 122.0.6261.57 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 116 Firefox ESR versions prior to 102.14 Firefox ESR versions prior to 115.1 Thunderbird (affected versions not specified) **Description** The issue is related to errors in state management due to an excessive number of cookies in `document.cookie`. This could allow a remote attacker to impact the integrity of protected information. When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with the expected cookie jar state, potentially causing requests to be sent with some cookies missing. **Recommendations** For Firefox versions prior to 116, update to version 116 or later. For Firefox ESR versions prior to 102.14, update to version 102.14 or later. For Firefox ESR versions prior to 115.1, update to version 115.1 or later. As a temporary workaround for Thunderbird, consider restricting the use of the `document.cookie` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WebKitGTK versions prior to the fixed version WPE WebKit versions prior to the fixed version iOS versions prior to 16.6 iPadOS versions prior to 16.6 watchOS versions prior to 9.6 tvOS versions prior to 16.6 macOS Ventura versions prior to 13.5 **Description** A logic issue was addressed with improved restrictions. Processing web content may lead to arbitrary code execution. This issue is caused by a buffer overflow in the web page display modules of WebKitGTK and WPE WebKit. **Recommendations** For WebKitGTK, update to a version that includes the fix for this issue. For WPE WebKit, update to a version that includes the fix for this issue. For iOS, update to version 16.6 or later. For iPadOS, update to version 16.6 or later. For watchOS, update to version 9.6 or later. For tvOS, update to version 16.6 or later. For macOS Ventura, update to version 13.5 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 112 Firefox for Android versions prior to 112 Focus for Android versions prior to 112 **Description** The issue is related to errors in the user interface's representation of information. It could allow a remote attacker to conduct spoofing attacks using a specially crafted cookie. When a secure cookie existed in the Firefox cookie jar, an insecure cookie for the same domain could have been created, leading to a desynchronization in expected results when reading from the secure cookie. **Recommendations** For Firefox versions prior to 112, update to version 112 or later to resolve the issue. For Firefox for Android versions prior to 112, update to version 112 or later to resolve the issue. For Focus for Android versions prior to 112, update to version 112 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Symfony versions prior to 4.4 **Description** The issue is related to incorrect session management in Symfony, a PHP framework for web and console applications. When authenticating users, Symfony by default regenerates the session ID upon login but preserves the rest of session attributes, including CSRF tokens. This might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. **Recommendations** For versions prior to 4.4, update to version 4.4 or later, which includes the fix for this issue. As a temporary workaround, consider manually clearing CSRF tokens from the session on successful login to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** passport versions prior to 0.6.0 **Description** The issue affects the passport package, causing the session to be regenerated instead of being closed when a user logs in or logs out. **Recommendations** For versions prior to 0.6.0, update to version 0.6.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Java SE versions 6u181, 7u171, 8u162, 10 JRockit version R28.3.17 **Description** The issue allows an unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets, or by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. **Recommendations** For Java SE versions 6u181, 7u171, 8u162, 10, update to a version that contains the fix for this issue. For JRockit version R28.3.17, update to a version that contains the fix for this issue. As a temporary workaround, consider restricting access to the `Java SE, JRockit` component until a patch is available. Avoid using the vulnerable `Java Web Start` and `Java applets` until the issue is resolved.