CVE-2026-6779

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Other issue in the JavaScript Engine component...

RHEL 10 : thunderbird (RHSA-2026:4260)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:4260 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox...

AlmaLinux 10 : thunderbird (ALSA-2026:3517)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:3517 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bug...

MiracleLinux 9 : thunderbird-140.8.0-1.el9_7.ML.1 (AXSA:2026-264:05)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-264:05 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety...

MiracleLinux 9 : firefox-140.8.0-2.el9_7.ML.1 (AXSA:2026-241:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-241:03 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety...

AlmaLinux 9 : firefox (ALSA-2026:3339)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3339 advisory. libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs...

CVE-2025-4918 Out-of-bounds access when resolving Promise objects

An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...

Firefox 3.5.2 3.0.14 JavaScript engine crashes

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary...

Mozilla Foundation Security Advisory 2008-62

Mozilla Foundation Security Advisory 2008-62 Title: Additional XSS attack vectors in feed preview Impact: Critical Announced: December 16, 2008 Reporter: mozbugra4 Products: Firefox Fixed in: Firefox 2.0.0.19 Description Mozilla security researcher mozbugra4 reported an additional variation on th...