4 matches found
CVE-2026-41431
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
CVE-2026-41431 Zen Browser MAR updater ships with signature verification removed — unsigned updates accepted
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
CVE-2026-41431
Zen Browser ships a MAR updater (org.mozilla.updater) with signature verification removed, leaving MAR files unsigned and the updater without verification code. Prior to version 1.19.9b, this enables arbitrary unsigned updates if the update server or GitHub release pipeline is compromised. The is...
PT-2026-39659
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...