ROS-20260626-73-0011

The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to reading data beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

ROS-20260622-73-0012

The vulnerability in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Astra Linux – Vulnerability in Firefox and Thunderbird

The black fade animation when exiting fullscreen is roughly the same duration as the delay in permission prompts during the anti-clickjacking process. It was possible to take advantage of this fact to surprise users by tempting them to click on the permission grant button before it appeared. This...

Astra Linux – Vulnerability in Firefox, Thunderbird

A use-after-free might have occurred when an HTTP2 session object was released on a different thread, resulting in memory corruption and potentially exploitable crashes. This vulnerability affects Firefox 93, Thunderbird 91.3, and Firefox ESR 91.3...

Astra Linux – Vulnerability in nss

NSS has demonstrated timing differences during the execution of DSA signatures, which can be exploited and may eventually lead to the leakage of private keys. This vulnerability affects Thunderbird versions 68.9.0, Firefox versions 77, and Firefox ESR versions 68.9...

Astra Linux – Vulnerability in Firefox and Thunderbird

If a Blob URL is loaded through some unusual user interaction, it may have been loaded by the system principal, granting additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

Astra Linux – Vulnerability in Firefox and Thunderbird

The garbage collector might have been aborted in several states and zones, and GCRuntime::finishCollection might not have been called, resulting in a use-after-free and potentially exploitable crash. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

Astra Linux – Vulnerability in Firefox and Thunderbird

It was possible to create specific XSLT markup that could bypass the iframe sandbox. This vulnerability affects Firefox ESR versions prior to 91.5, Firefox versions prior to 96, and Thunderbird versions prior to 91.5...

Astra Linux – Vulnerability in Firefox and Thunderbird

When exiting fullscreen mode, an iframe could mislead the browser regarding the current state of fullscreen, potentially causing confusion for users or leading to spoofing attacks. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

Astra Linux – Vulnerability in Firefox and Thunderbird

Using XMLHttpRequest, an attacker could identify installed applications by probing error messages related to loading external protocols. This vulnerability affects Thunderbird version 91.4.0, Firefox ESR version 91.4.0, and Firefox version 95...

Astra Linux – Vulnerability in Firefox and Thunderbird

By injecting a cookie with certain special characters, an attacker on a shared subdomain that is not in a secure context can set and overwrite cookies from a secure context. This leads to session fixation and other attacks. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and...

Astra Linux – Vulnerability in Firefox and Thunderbird

Memory safety bugs exist in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has...

firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these...

CVE-2026-12298

Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

CVE-2026-12292

Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

EUVD-2026-37076

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12...

CVE-2026-12330 Incorrect boundary conditions in the Internationalization component

Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12...

EUVD-2026-37075

Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12...