20 matches found
CVE-2026-44658
Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...
CVE-2026-41431
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
CVE-2026-44658
Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...
CVE-2026-41431
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
CVE-2026-44659
Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...
EUVD-2026-29133
Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...
CVE-2026-44659
CVE-2026-44659 – Zen Browser Mac : Zen is a Firefox-based browser. Before version 1.19.12b, the address bar truncates long hostnames, displaying only the attacker-controlled prefix of the subdomain and hiding the registrable domain (eTLD+1). This can enable attackers to craft extremely long subdo...
EUVD-2026-29132
Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...
CVE-2026-44658 Zen Browser: RSS Live-Folder Item URLs Are Not Scheme-Restricted Before Trusted Tab Creation
Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...
CVE-2026-44658
CVE-2026-44658 (Zen Browser) : Zen Browser is a Firefox-based browser. The issue arises when RSS/Atom item links parsed from feeds are mapped to item.url without the same http/https scheme restriction applied in promptForFeedUrl; these links are then used by the live-folder manager to create pinn...
CVE-2026-44658
Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...
CVE-2026-44658 Zen Browser: RSS Live-Folder Item URLs Are Not Scheme-Restricted Before Trusted Tab Creation
Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...
CVE-2026-41431
Zen Browser ships a MAR updater (org.mozilla.updater) with signature verification removed, leaving MAR files unsigned and the updater without verification code. Prior to version 1.19.9b, this enables arbitrary unsigned updates if the update server or GitHub release pipeline is compromised. The is...
CVE-2026-41431
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
CVE-2026-41431 Zen Browser MAR updater ships with signature verification removed — unsigned updates accepted
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
EUVD-2026-29119
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...
Zen 安全漏洞
Zen is an open-source productivity browser based on Firefox. Versions of Zen prior to 1.19.12b contain security vulnerabilities. These vulnerabilities arise from the address bar incorrectly truncating long hostnames and displaying only the subdomain prefix controlled by the attacker, which may le...
Zen 输入验证错误漏洞
Zen is an open-source productivity browser based on Firefox. Versions of Zen prior to 1.19.12b contained a vulnerability related to input validation errors. This vulnerability stemmed from project links in RSS subscriptions not being restricted by http or https, which could lead to security risks...
Zen 数据伪造问题漏洞
Zen is an open-source productivity browser based on Firefox. Versions of Zen prior to 1.19.9b contained a data manipulation vulnerability. This vulnerability stemmed from the removal of all MAR signature verifications from the Firefox code base, resulting in MAR files containing zero encrypted...
PT-2026-39659
Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...