UBUNTU-CVE-2026-0891

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...

MiracleLinux 9 : thunderbird-128.9.0-2.el9_5.ML.1 (AXSA:2025-9896:07)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9896:07 advisory. firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters CVE-2025-3029 firefox: thunderbird: Use-after-free triggered by XSLTProcessor...

MiracleLinux 9 : thunderbird-140.3.0-1.el9_6.ML.1 (AXSA:2025-10909:23)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10909:23 advisory. firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect...

MiracleLinux 8 : thunderbird-128.6.0-3.el8_10.ML.1 (AXSA:2025-9550:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9550:02 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 CVE-2025-0243 firefox:...

Security Vulnerabilities fixed in Firefox 147 — Mozilla

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...

Security Vulnerabilities fixed in Thunderbird 147 — Mozilla

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Memory safety bugs present in...

MiracleLinux 8 : python3.12-3.12.11-1.el8_10 (AXSA:2025-10429:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10429:06 advisory. cpython: Tarfile extracts filtered members when errorlevel=0 CVE-2025-4435 cpython: Bypass extraction filter to modify file metadata outside...

MiracleLinux 8 : thunderbird-128.8.0-2.el8_10.ML.1 (AXSA:2025-9775:05)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9775:05 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 CVE-2025-1938 firefox:...

MiracleLinux 9 : thunderbird-128.11.0-1.el9_6.ML.1 (AXSA:2025-10532:16)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10532:16 advisory. firefox: thunderbird: Out-of-bounds access when resolving Promise objects CVE-2025-4918 firefox: thunderbird: Out-of-bounds access when optimizing...

MiracleLinux 9 : firefox-128.9.0-2.el9_5.ML.1 (AXSA:2025-9835:10)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9835:10 advisory. firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters CVE-2025-3029 firefox: thunderbird: Use-after-free triggered by XSLTProcessor...

MiracleLinux 9 : thunderbird-140.4.0-2.el9_6.ML.1 (AXSA:2025-10991:24)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10991:24 advisory. thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL...

MiracleLinux 8 : thunderbird-128.10.0-1.el8_10.ML.1 (AXSA:2025-9937:11)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9937:11 advisory. firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing...

Linux Distros Unpatched Vulnerability : CVE-2026-0891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption...

Mozilla -- multiple vulnerabilities

Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Denial-of-service in the DOM: Service Workers component. Information...

PT-2026-2653

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 147 Thunderbird versions prior to 147 Firefox ESR versions prior to 140.7 Thunderbird ESR versions prior to 140.7 Description The software contains memory safety bugs that could potentially lead to arbitrary code...

CVE-2023-29551

Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVE-2022-31748

Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited ...

CVE-2022-0511

Mozilla developers and community members Gabriele Svelto, Sebastian Hengst, Randell Jesup, Luan Herrera, Lars T Hansen, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96. Some of these bugs showed evidence of memory corruption and we presume that with enough effort so...

CVE-2022-0843

Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabilit...

CVE-2020-12411

Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 77...