Astra Linux – Vulnerability in Firefox

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS using DNS rebinding. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

EUVD-2025-25231

Malicious code in bioql PyPI...

CVE-2025-8364

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Note: This issue only affected Android operating systems. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 141...

CVE-2025-8042

Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability affects Firefox 141...

CVE-2025-8041 Incorrect URL truncation in Firefox for Android

In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability was fixed in Firefox 141...

CVE-2025-8364

Summary: CVE-2025-8364 affects Mozilla Firefox for Android (pre-141) due to a crafted blob: URI that can hide the page’s true origin, enabling potential spoofing. The issue is Android-only; other OSes are unaffected. Affected component is the browser’s handling of blob: URLs, with the root cause ...

CVE-2025-8364 Address bar spoofing using an blob URI on Firefox for Android

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Note: This issue only affected Android operating systems. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 141...

SUSE CVE-2025-8032

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVE-2025-8039

In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

CVE-2025-8043

Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox 141 and Thunderbird 141...

UBUNTU-CVE-2025-8037

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

Mozilla多款产品 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open-source Web browser. Mozilla Thunderbird is a separate set of Mozilla Application Suite Email client software. The program supports IMAP, POP mail protocols, and HTML mail...

Mozilla多款产品 缓冲区错误漏洞

Mozilla Firefox and others are products of the Mozilla Foundation in the U.S.A. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser.Mozilla Thunderbird is a suite of e-mail client software that is separate from the Mozilla...

Mozilla多款产品 数据伪造问题漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open-source Web browser. Mozilla Thunderbird is a separate set of Mozilla Application Suite Email client software. The software supports IMAP and POP mail protocols as well as the...