PT-2025-36830

Name of the Vulnerable Software and Affected Versions: Microsoft Graphics Component affected versions not specified Description: A race condition exists due to concurrent execution using a shared resource with improper synchronization within the Microsoft Graphics Component. This allows an...

firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service due to out-of-memory in the Graphics: WebRender component...

thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Graphics: Canvas2D component...

RHEL 8 : firefox (RHSA-2025:15418)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:15418 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

BIT-POWERSHELL-2022-41121 Windows Graphics Component Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability...

thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Graphics: Canvas2D component...

AlmaLinux 9 : firefox (ALSA-2025:14416)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:14416 advisory. firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escape due ...

FreeBSD : Mozilla -- Same-origin policy bypass (f6219d24-7eb0-11f0-ba14-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f6219d24-7eb0-11f0-ba14-b42e991fc52e advisory. [email protected] reports: 'Same-origin policy bypass in the Graphics: Canvas2D component.' Tenable...

CVE-2025-9180

Same-origin policy bypass in the Graphics: Canvas2D component. This vulnerability affects Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2...

Mozilla -- DoS in WebRender

[email protected] reports: 'Denial-of-service due to out-of-memory in the Graphics: WebRender component.'...

Mozilla -- Same-origin policy bypass

[email protected] reports: 'Same-origin policy bypass in the Graphics: Canvas2D component.'...

CVE-2025-49743

Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...

CVE-2025-50165

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network...

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows, including Hyper-V, Graphics Component, and Routing and Remote Access Service RRAS. The vulnerabilities include several types of attacks, such as local privilege escalation, unwarranted access to sensitive information, and the potential for...

CVE-2025-50165

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network...

CVE-2025-50165

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network...

CVE-2025-49743

Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...

CVE-2025-49743

Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally...

CVE-2025-50165 Windows Graphics Component Remote Code Execution Vulnerability

...

CVE-2025-50165

CVE-2025-50165 targets the Windows/Microsoft Graphics Component through an untrusted pointer dereference in JPEG decoding, enabling remote code execution. Exploitation relies on specially crafted images (e.g., JPEG metadata segments) to trigger code execution without user interaction on affected ...