Lucene search
K

32 matches found

CVE
CVE
added yesterday5 views

CVE-2026-45150

Zen Browser is a Firefox-based browser. The CVE-2026-45150 issue affects Zen prior to version 1.19.13b, where there was no persistent, clearly visible security notification when a page entered fullscreen. This could allow an attacker-controlled page to hide the real browser UI and origin informat...

6.3CVSS6.1AI score0.00027EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday8 views

CVE-2026-45150 Zen Browser - Missing Fullscreen Security Notification Allows Origin Spoofing

Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controlled page to hide the real browser UI and origin information, imitate a trusted website UI, and...

6.3CVSS0.00027EPSS
Exploits0References1
EUVD
EUVD
added yesterday3 views

EUVD-2026-44703

Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser did not provide a persistent, clearly visible security notification when a webpage entered fullscreen mode, allowing an attacker-controlled page to hide the real browser UI and origin information, imitate a trusted website UI, and...

6.3CVSS6.1AI score0.00027EPSS
Exploits0References1
NVD
NVD
added last week6 views

CVE-2026-57501

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

0.0029EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-57501

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

6AI score0.0029EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added last week36 views

CVE-2026-57501 Zen: Context-menu "Open link in glance" / "Split link in new tab" loads a page-controlled link with the System principal, bypassing the web-content scheme restriction

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

0.0029EPSS
Exploits0References3
CVE
CVE
added last week11 views

CVE-2026-57501

Summary: CVE-2026-57501 affects Zen, a Firefox-based browser. Before version 1.21.5b, the contextual actions “Open link in glance” and “Split link in new tab” could load a page-controlled link URL with the System principal rather than the originating page’s principal, allowing a malicious page to...

6AI score0.0029EPSS
Exploits0References3
OSV
OSV
added last week3 views

CVE-2026-57501 Zen: Context-menu "Open link in glance" / "Split link in new tab" loads a page-controlled link with the System principal, bypassing the web-content scheme restriction

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

6.1AI score0.0029EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.7 views

PT-2026-57005

Name of the Vulnerable Software and Affected Versions Zen versions prior to 1.21.5b Description In the glance and split-view context-menu actions, specifically Open link in glance and Split link in new tab, the browser loads a page-controlled link URL using the System principal instead of the...

6.1AI score0.0029EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.11 views

CVE-2026-44658

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4CVSS5.5AI score0.00157EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41431

Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...

8CVSS5.7AI score0.00199EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 6:16 p.m.21 views

CVE-2026-44658

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4CVSS0.00157EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 6:16 p.m.28 views

CVE-2026-41431

Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...

8CVSS0.00199EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:1 p.m.7 views

CVE-2026-44659

Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...

4.7CVSS5.8AI score0.00164EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/11 5:1 p.m.10 views

EUVD-2026-29133

Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...

4.7CVSS5.8AI score0.00164EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 5:1 p.m.25 views

CVE-2026-44659

CVE-2026-44659 – Zen Browser Mac : Zen is a Firefox-based browser. Before version 1.19.12b, the address bar truncates long hostnames, displaying only the attacker-controlled prefix of the subdomain and hiding the registrable domain (eTLD+1). This can enable attackers to craft extremely long subdo...

4.7CVSS5.8AI score0.00164EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 5:1 p.m.3 views

CVE-2026-44659 Zen Browser Mac - Address Bar Spoofing via Long Subdomain

Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...

4.7CVSS6AI score0.00164EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/11 5:0 p.m.10 views

CVE-2026-44658 Zen Browser: RSS Live-Folder Item URLs Are Not Scheme-Restricted Before Trusted Tab Creation

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4CVSS5.8AI score0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 5:0 p.m.43 views

CVE-2026-44658 Zen Browser: RSS Live-Folder Item URLs Are Not Scheme-Restricted Before Trusted Tab Creation

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4CVSS0.00157EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 5:0 p.m.15 views

EUVD-2026-29132

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4CVSS5.8AI score0.00157EPSS
Exploits0References1
Rows per page
Query Builder