Debian dla-4594 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4594 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4594-1 [email protected]...

CVE-2026-8954

CVE-2026-8954 affects Mozilla Firefox’s Audio/Video component. The issue is described as incorrect boundary conditions and an integer overflow, with a fix implemented in Firefox 151 and Firefox ESR 140.11. The available sources do not provide additional technical specifics such as the exact vulne...

CVE-2026-8092 Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox 150.0.2

Memory safety bugs present in Firefox ESR 115.35.1, Firefox ESR 140.10.1 and Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox...

Astra Linux - уязвимость в firefox, thunderbird

In some code patterns, JIT incorrectly optimized switch statements and generated code that contained vulnerabilities related to out-of-bounds reads. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...

CVE-2026-2778

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVE-2026-2766

Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

firefox security update

140.7.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 140.7.0 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.7.0-1 - Update to 140.7.0 ESR...

CVE-2026-0887

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

CVE-2025-14323 Privilege escalation in the DOM: Notifications component

Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...

firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-140.5.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This...

EUVD-2017-16766

Malware in sbrugna...

EUVD-2017-16757

Malware in sbrugna...

OESA-2025-2340 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

...

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

...

firefox: thunderbird: Memory safety bugs

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs are present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140, and Thunderbird 140. Some...

firefox: thunderbird: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption, and we presume that with enough...

Mozilla Firefox ESR < 115.23

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.23. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-30 advisory. - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which...