firefox: thunderbird: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser and persisted between containers and...

firefox: thunderbird: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser and persisted between containers and...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the nftables rule generation process. An attacker can gain unauthorized access to network traffic and impersonate other virtual machines or containers by exploiting the partial bypass of security filtering...

libthrift: potential DoS when processing untrusted payloads

A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentiall...

SUSE CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR...

SUSE CVE-2025-6432

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140...

CVE-2025-6432

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140...

CVE-2025-6432

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox 140 and Thunderbird 140...

CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12,...

UBUNTU-CVE-2025-6432

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140...

UBUNTU-CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR...

CVE-2025-6432 DNS Requests leaked outside of a configured SOCKS proxy

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140...

CVE-2025-6432

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140...

CVE-2025-6432 DNS Requests leaked outside of a configured SOCKS proxy

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140...

CVE-2025-6432

CVE-2025-6432 affects Mozilla Firefox and Thunderbird (Firefox < 140 and Thunderbird

CVE-2025-6432

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability was fixed in Firefox 140 and Thunderbird 140...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox, which stems from a flaw in Multi-Account Containers, and can be exploited by attackers to bypass security restrictions...

PT-2025-26729

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The issue occurs when Multi-Account Containers is enabled, allowing DNS requests to bypass a SOCKS proxy under certain conditions, such as when the domain name is invalid or the SOCKS proxy is not...

Moderate: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.8 security and bug fix update

The Migration Toolkit for Containers MTC 1.8.8 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Moderate: containernetworking-plugins security update

The Container Network Interface CNI project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...