Lucene search
K

35 matches found

AstraLinux
AstraLinux
added 2025/11/01 10:54 a.m.5 views

Astra Linux – Vulnerability in Firefox

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS using DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS7.7AI score0.00417EPSS
Exploits0References3
OSV
OSV
added 2025/10/11 1:19 p.m.3 views

OESA-2025-2361 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

9.8CVSS7.4AI score0.00687EPSS
Exploits0References14
OSV
OSV
added 2025/10/11 1:19 p.m.2 views

OESA-2025-2360 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

9.8CVSS7.4AI score0.00687EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-1670

Malware in sbrugna...

6.8CVSS6.1AI score0.00491EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-8036

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firef...

8.1CVSS7.5AI score0.00417EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2025/07/22 9:15 p.m.6 views

CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS6AI score0.00417EPSS
Exploits0References6
NVD
NVD
added 2025/07/22 9:15 p.m.5 views

CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS0.00417EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2025/07/22 8:49 p.m.3 views

CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS5.8AI score0.00417EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2025/07/22 8:49 p.m.5 views

CVE-2025-8036

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

8.1CVSS8AI score0.00417EPSS
Exploits0
Mozilla
Mozilla
added 2025/07/22 12:0 a.m.10 views

Security Vulnerabilities fixed in Firefox ESR 140.1 — Mozilla

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...

9.8CVSS7.8AI score0.00472EPSS
Exploits0References14Affected Software1
FreeBSD
FreeBSD
added 2025/07/22 12:0 a.m.5 views

Mozilla -- CORS circumvention

[email protected] reports: Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding...

8.1CVSS6.7AI score0.00417EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.3 views

SUSE CVE-2013-1639

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request...

6.8CVSS6.5AI score0.00491EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:17 a.m.4 views

SUSE CVE-2015-4520

Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging 1 duplicate cache-key generation or 2 retrieval of a value from an incorrect HTTP Access-Control- response header...

6.4CVSS9AI score0.03095EPSS
Exploits0References10
The Hacker News
The Hacker News
added 2022/01/17 1:33 p.m.32 views

Chrome Limits Websites' Direct Access to Private Networks for Security Reasons

Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases consisting of releases...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.17 views

Mozilla Firefox Security Advisory (MFSA2015-111) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

6.4CVSS9.5AI score0.03095EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.22 views

Mozilla Firefox Security Advisory (MFSA2015-127) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

7.5CVSS9.6AI score0.02841EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2020/02/07 2:44 p.m.36 views

CVE-2020-5397

A flaw was found in springframework. CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints are possible. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials a...

5.3CVSS2.2AI score0.02382EPSS
Exploits1References3
OSV
OSV
added 2020/01/17 7:15 p.m.24 views

CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

5.3CVSS6.8AI score0.02382EPSS
Exploits1References7
Prion
Prion
added 2020/01/17 7:15 p.m.18 views

Cross site request forgery (csrf)

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

2.6CVSS7.1AI score0.02382EPSS
Exploits1References7Affected Software27
UbuntuCve
UbuntuCve
added 2020/01/17 7:15 p.m.33 views

CVE-2020-5397

Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC spring-webmvc module or Spring WebFlux spring-webflux module endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not inclu...

5.3CVSS6.4AI score0.02382EPSS
Exploits1References2
Rows per page
Query Builder