9803 matches found
Mozilla多款产品 安全漏洞
Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...
KLA91062 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in...
KLA91059 Multiple vulnerabilities in Mozilla Thunderbird ESR
Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability...
Malicious code in @antv/dom-util (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
PT-2026-42245
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.179 Description A use after free issue in the Document Object Model DOM allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free i...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a resource management vulnerability. This vulnerability stemmed from the reuse of DOM elements after their release, which could allow remote attackers to execute arbitrary code with...
ALSA-2026:19160 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Other issue in the WebRTC component CVE-2026-8094 firefox: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2...
Linux Distros Unpatched Vulnerability : CVE-2026-8955
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...
RHEL 10 : firefox (RHSA-2026:19160)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19160 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Mozilla Thunderbird < 151.0
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 151.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-50 advisory. - Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence...
RHEL 9 : firefox (RHSA-2026:19201)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19201 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
KLA91058 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. Denia...
KLA91060 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. Security...
Linux Distros Unpatched Vulnerability : CVE-2026-8947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the DOM: Bindings WebIDL component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and...
KLA91066 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in WebRTC can be exploite...
1g6table (=0.1.0), 7qb (=0.0.17) +1266 more potentially affected by unknown CVE via @antv/dom-util (>=2.0.2 <=2.0.4)
@antv/dom-util NPM version =2.0.2, =1.1.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.1.2, =1.0.0, =0.2.0, =1.1.15, =1.0.4, =2.1.0 - @alifd/ice-devtools =1.1.14-beta.4 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVDOMUTIL-16754419...
@antv/ava (=3.6.0-alpha.0), @antv/g (>=6.0.0 <=6.2.1) +6 more potentially affected by unknown CVE via @antv/g-dom-mutation-observer-api (>=2.0.0 <=2.0.9)
@antv/g-dom-mutation-observer-api NPM version =2.0.0, =6.0.0, =0.5.9, =2.0.0, =1.2.5, =1.2.6 - expression-language-editor =0.0.4 Source cves: unknown CVE Source advisory: SNYK:JS-ANTVGDOMMUTATIONOBSERVERAPI-16754466...
@antv/g-canvas (>=2.0.0 <=2.0.52), @antv/g-canvaskit (>=1.0.0 <=1.0.51) +11 more potentially affected by unknown CVE via @antv/g-plugin-dom-interaction (>=2.0.0 <=2.1.9)
@antv/g-plugin-dom-interaction NPM version =2.0.0, =2.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.56 - @antv/g6 =5.0.46 - @antv/g6-extension-3d =0.1.20 - @antv/s2 =2.4.12-alpha.1 Source cves: unknown CVE Source advisory:...
@antv/g-canvas (>=2.0.0 <=2.0.52), @antv/g-canvaskit (>=1.0.0 <=1.0.51) +11 more potentially affected by unknown CVE via @antv/g-plugin-dom-interaction (>=2.0.0 <=2.1.9)
@antv/g-plugin-dom-interaction NPM version =2.0.0, =2.0.0, =1.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.56 - @antv/g6 =5.0.46 - @antv/g6-extension-3d =0.1.20 - @antv/s2 =2.4.12-alpha.1 Source cves: unknown CVE Source advisory:...
MGASA-2026-0145 Updated firefox & thunderbird packages fix security vulnerabilities
LZ4 compression library issue. CVE-2025-62813 libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. CVE-2026-32776 libexpat before 2.7.5 allows an infinite loop while parsing DTD content. CVE-2026-32777 libexpat before 2.7.5 allows a NULL pointer...