5 matches found
PT-2026-33385
Name of the Vulnerable Software and Affected Versions: Data Sharing Framework versions prior to 2.1.0. Description: OIDC-authenticated sessions lack a configured maximum inactivity timeout, allowing sessions to persist indefinitely after login, even after the OIDC access token has expired. This allo...
chromium-browser: Insufficient policy enforcement in WebSockets
Insufficient policy enforcement in WebSockets in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
RHEL 5 / 6 / 7 : thunderbird (RHSA-2015:2519)
The remote Red Hat Enterprise Linux 5 / 6 / 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2015:2519 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. ...
SUSE: Security Advisory for MozillaFirefox (SUSE-SU-2015:1926-1)
The remote host is missing an update for the...
Mixed content WebSocket policy bypass through workers — Mozilla
Mozilla developer Ehsan Akhgari reported a mechanism through which a web worker could be used to bypass secure requirements for WebSockets when workers are used to create WebSockets. This allows for the bypassing of mixed content WebSocket policy...