CVE-2025-6427

An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140...

Google Chrome < 138.0.7204.49 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 138.0.7204.49. It is, therefore, affected by multiple vulnerabilities as referenced in the 202506stable-channel-update-for-desktop24 advisory. - Insufficient data validation in DevTools in Google Chrome on Windows prior t...

PT-2025-26787 · Google +1 · Google Chrome +1

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 138.0.7204.49 Description: Insufficient data validation in DevTools in Google Chrome on Windows allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient DevTools data validation, which can be exploited by an attacker to execute arbitrary code via a crafted HTML page...

PT-2025-26732

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The issue arises when a user saves a response from the Network tab in Devtools using the Save As context menu option. In this scenario, the saved file may not have the .download file extension,...

Astra Linux – Vulnerability in Chromium

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Chromium

In DevTools of Google Chrome, out-of-bounds memory access prior to version 136.0.7103.59 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

Astra Linux – Vulnerability in Firefox

Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and Thunderbird 139...

Astra Linux – Vulnerability in Firefox

If a user saved a response from the Network tab in Devtools using the “Save As” context menu option, the file might not have been saved with the .download file extension. This could have allowed the user to run a malicious executable inadvertently. This vulnerability has been fixed in Firefox 140...

The vulnerability of the DevTools set of tools for web development in the Google Chrome browser allows a hacker to execute arbitrary code or trigger a service failure.

The vulnerability of the DevTools set of tools for web development in Google Chrome relates to the use of memory after it is released. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause a service failure...

The vulnerability of the preview function of the DevTools set of web development tools for Mozilla Firefox and the Thunderbird email client allows a hacker to bypass the Content Security Policy (CSP) protection mechanism.

The vulnerability of the pre-viewing function of the DevTools set of web development tools for Mozilla Firefox and the Thunderbird email client is related to a lack of mechanisms for encoding or blocking output data when processing headers. Exploiting this vulnerability could allow an attacker to...

FreeBSD : Firefox -- content injection attack (a3291f81-3d7c-11f0-9a55-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a3291f81-3d7c-11f0-9a55-b42e991fc52e advisory. [email protected] reports: Previewing a response in Devtools ignored CSP headers, which could have...

CVE-2025-5271

Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox 139 and Thunderbird 139...

UBUNTU-CVE-2025-5271

Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox 139 and Thunderbird 139...

CVE-2025-5271

Summary : CVE-2025-5271 corresponds to a vulnerability where Devtools’ preview of responses failed to enforce CSP headers, potentially enabling content-injection attacks. The public records indicate affected products include Mozilla Firefox version prior to 139 and Mozilla Thunderbird prior to 13...

Firefox -- content injection attack

[email protected] reports: Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks...

Fedora: Security Advisory (FEDORA-2025-eab322e215)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated chromium-browser-stable packages fix security vulnerabilities

Heap buffer overflow in HTML. CVE-2025-4096 Out of bounds memory access in DevTools. CVE-2025-4050 Insufficient data validation in DevTools. CVE-2025-4051 Inappropriate implementation in DevTools. CVE-2025-4052 Use after free in WebAudio. CVE-2025-4372 Insufficient policy enforcement in Loader...

MGASA-2025-0159 Updated chromium-browser-stable packages fix security vulnerabilities

Heap buffer overflow in HTML. CVE-2025-4096 Out of bounds memory access in DevTools. CVE-2025-4050 Insufficient data validation in DevTools. CVE-2025-4051 Inappropriate implementation in DevTools. CVE-2025-4052 Use after free in WebAudio. CVE-2025-4372 Insufficient policy enforcement in Loader...