OPENSUSE-SU-2026:10955-1 libmozjs-140-0-140.10.1-2.1 on GA media

These are all security issues fixed in the libmozjs-140-0-140.10.1-2.1 package on the GA media of openSUSE Tumbleweed...

CVE-2026-2447

Heap buffer overflow in libvpx. This vulnerability affects Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2...

Mozilla Firefox ESR Security Update (mfsa_2026-03) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Mozilla Firefox ESR Security Update (mfsa_2025-94) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Mozilla Thunderbird < 140.6

The version of Thunderbird installed on the remote Windows host is prior to 140.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-96 advisory. - Privilege escalation in the Netmonitor component. This vulnerability affects Firefox 146, Firefox ESR 140.6,...

CVE-2025-12909

Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. Chromium security severity: Low...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

Astra Linux – Vulnerability in Firefox

Memory safety bugs exist in Firefox 140 and Thunderbird 140. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has been fixed in Firefox 141 and Thunderbird...

Fedora 43 : cef (2025-1e8f05e0a6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-1e8f05e0a6 advisory. Update to 140.1.15^chromium140.0.7339.207 rhbz2396308 CVE-2025-10890: Side-channel information leakage in V8 CVE-2025-10891: Integer overflow in V8...

Mozilla Firefox ESR Security Update (mfsa_2025-83) - Mac OS X

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Debian dla-4311 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4311 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4311-1 [email protected]...

CVE-2025-10890

Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2025-10500

Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

OPENSUSE-SU-2025:15548-1 chromedriver-140.0.7339.127-1.1 on GA media

These are all security issues fixed in the chromedriver-140.0.7339.127-1.1 package on the GA media of openSUSE Tumbleweed...

KLA87439 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Serviceworker can be exploited to cause denial of service or...

CVE-2025-9867

Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

PT-2025-35800

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 140.0.7339.80 Description: An inappropriate implementation in Downloads in Google Chrome on Android allowed a remote attacker to perform UI spoofing via a crafted HTML page. Recommendations: Update Google Chrom...

Mozilla Firefox ESR Security Update (mfsa_2025-67) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

Mozilla Thunderbird ESR Security Update (mfsa_2025-72) - Mac OS X

Mozilla Thunderbird ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...