Zefr0X

**Name of the Vulnerable Software and Affected Versions** tracing-subscriber versions prior to 0.3.20 **Description** tracing-subscriber was susceptible to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing manipulation of terminal title bars, screen clearing, or modification of the terminal display, potentially misleading users. Security issues in terminal emulators have been found that enabled an attacker to use ANSI escape sequences via logs to exploit vulnerabilities in the terminal emulator. **Recommendations** Update to version 0.3.20 or later to resolve this issue. As a temporary workaround, avoid printing logs to terminal emulators without escaping ANSI control sequences.

**Name of the Vulnerable Software and Affected Versions** foxmarks versions prior to 2.1.0 **Description** The issue is related to the creation of a temporary file in the /tmp directory with insecure permissions, allowing a malicious user to read confidential information from Firefox's database, including bookmarks, history, and input history. This occurs when the targeted user executes foxmarks bookmarks or foxmarks history commands. **Recommendations** For versions prior to 2.1.0, update to version 2.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the /tmp directory or monitoring the directory for insecure temporary files created by foxmarks.