145 matches found
Astra Linux - уязвимость в firefox
An attacker was able to perform out-of-bounds read or write operations on a JavaScript object by exploiting a bug related to range-based bounds checks. This vulnerability affects Firefox versions prior to 124.0.1...
Astra Linux - уязвимость в firefox
A malicious website can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been exploited in a spoofing attack. This vulnerability affects Firefox versions earlier than 119...
Astra Linux - уязвимость в firefox, thunderbird
When exiting fullscreen mode, an iframe could mislead the browser regarding the current state of fullscreen, potentially causing confusion for users or leading to spoofing attacks. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
CVE-2026-5732
Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1...
CVE-2026-5733
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2...
UBUNTU-CVE-2026-4709
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
CVE-2026-4719
Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
CVE-2026-4727
Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149...
CVE-2026-4726
Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...
CVE-2026-4726
Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...
CVE-2026-4712
Information disclosure in the Widget: Cocoa component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
CVE-2026-4704 Denial-of-service in the WebRTC: Signaling component
Denial-of-service in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...
CVE-2026-4723
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...
CVE-2026-2772
Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
CVE-2026-2790
Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
CVE-2026-2782 Privilege escalation in the Netmonitor component
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
CVE-2026-2757
CVE-2026-2757 (FF/Thunderbird) is confirmed with root cause: incorrect boundary conditions in the WebRTC: Audio/Video component, fixed in Firefox 148, Firefox ESR 115.33/140.8 ESR, Thunderbird 148/140.8. Affected products explicitly include Firefox and Thunderbird lines in multiple advisories (AL...
firefox: thunderbird: Information disclosure in the Networking component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure in the Networking component...
CVE-2026-24869 Use-after-free in the Layout: Scrolling and Overflow component
Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability was fixed in Firefox 147.0.2...
CVE-2026-24868
CVE-2026-24868 describes a mitigation bypass in Firefox’s Privacy: Anti-Tracking component, affecting Firefox versions earlier than 147.0.2. The vulnerability is tied to a bypass of mitigation controls in the Anti-Tracking module; no exploit vectors or root-cause details are provided in the suppl...