CVE-2026-34596

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use TOCTOU race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by...

EUVD-2026-27468

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a Time-of-Check-to-Time-of-Use TOCTOU race condition exists during addon installation. When a user installs an addon through the SandMan interface, UpdUtil.exe is spawned as SYSTEM by...

Jpress 命令注入漏洞

Jpress is a set of blogging platforms developed by the Jpress team using the Java language. an access control error vulnerability exists in Jpress, which stems from the product allowing the io.jpress.web.admin.AddonController::doUploadAndInstall function to execute commands. No detailed...

Mozilla Firefox and Firefox ESR Security Bypass Vulnerability

Mozilla Firefox and Firefox ESR are both browser products developed by the Mozilla Foundation in the U.S. Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A security vulnerability exists in the add-on installation feature of Mozilla Firefox versions...

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2723-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2723-1 advisory. A use-after-free was discovered when resizing a canvas element during restyling in some circumstances. If a user were tricked in to opening a specially...

Firefox Remote Compromise Technical Details

Firefox Remote Compromise Technical Details Before I start, I need to say that this thing has been patched on Mozilla's server. If you take a look at any of the extension install pages on their site, you will see that the install function has a bunch of random letters and numbers after it. Even...