Linux Distros Unpatched Vulnerability : CVE-2025-1939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into...

Linux Distros Unpatched Vulnerability : CVE-2025-1940

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an...

Astra Linux – Vulnerability in Firefox

An inconsistent comparator in xslt/txNodeSorter could have led to potentially exploitable out-of-bounds access. This issue only affected versions 122 and later. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape...

firefox: Clickjacking the registerProtocolHandler info-bar Reporter

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A web page could trick a user into setting that site as the default handler for a custom URL protocol...

SUSE CVE-2025-1943

Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136 and Thunderbird 136...

SUSE CVE-2025-1930

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird...

SUSE CVE-2025-1935

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

UBUNTU-CVE-2025-1930

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird...

UBUNTU-CVE-2025-1941

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed distinct from CVE-2025-0245. This vulnerability affects Firefox 136...