firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

Astra Linux – Vulnerability in Firefox, Thunderbird

A “paste” button on a clipboard could be present across tabs, allowing for a spoofing attack. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...

Astra Linux – Vulnerability in Firefox, Thunderbird

After requesting multiple permissions and closing the first permission panel, subsequent permission panels will be displayed in a different position, but still record a click at the default location. This allows users to be tricked into accepting permissions they do not want to grant. This bug on...

Astra Linux – Vulnerability in Firefox and Thunderbird

Memory safety bugs exist in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143, and Thunderbird 143. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...

Astra Linux – Vulnerability in Firefox

When downloading an HTML file, if the title of the page is formatted as a filename with a malicious extension, Firefox may save the file with that extension. This could lead to potential system compromise if the downloaded file is later executed. This vulnerability affects Firefox versions earlie...

Astra Linux – Vulnerability in Firefox, Thunderbird

Due to a layout change, the contents of iframes might be rendered outside of their borders. This could lead to user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

Astra Linux – Vulnerability in Firefox, Thunderbird

The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the...

Astra Linux – Vulnerability in Firefox

A compromised web child process could disable web security opening restrictions, resulting in a new child process being spawned within the file:// context. With a reliable exploit primitive, this new process could be exploited again, leading to arbitrary file reading. This vulnerability affects...

Astra Linux – Vulnerability in Firefox and Thunderbird

A permission leak could have occurred from a trusted site to an untrusted site through embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and Thunderbird 132...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-140.12.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

EUVD-2026-37097

Memory safety bug fixed in Thunderbird 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...

CVE-2026-12068

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when...

PT-2026-49049

Name of the Vulnerable Software and Affected Versions Avira Password Manager affected versions not specified Description An information disclosure issue exists in Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux. A remote attacker operating a cross-origin iframe...

ROS-20260610-73-0019

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to insufficient validation of input data. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

ROS-20260610-73-0021

The vulnerability of the JavaScript Engine component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to access to resources through incompatible types. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility ...

ROS-20260610-73-0016

The vulnerability of the Access API components of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

ROS-20260610-73-0017

The vulnerability of the XPCOM component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to a numerical overflow vulnerability. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected informatio...

OPENSUSE-SU-2026:10977-1 MozillaFirefox-151.0.3-1.1 on GA media

These are all security issues fixed in the MozillaFirefox-151.0.3-1.1 package on the GA media of openSUSE Tumbleweed...

ROS-20260609-73-0026

Vulnerability of Audio/Video components: Mozilla Firefox, Firefox ESR, and Thunderbird’s email client use web codecs. This vulnerability is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

ROS-20260609-73-0022

The vulnerability of the Telemetry component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to cause service failures...