
28 matches found

Mageia
added 2025/11/17 10:14 p.m. | 3 views

Updated firefox packages fix security vulnerabilities

Race condition in the Graphics component (CVE-2025-13012). Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013). Use-after-free in the Audio/Video component (CVE-2025-13014). Spoofing issue in Firefox (CVE-2025-13015). Incorrect boundary conditions in the JavaScript:...

CVSS 8.8 | AI score 7.1 | EPSS 0.00077 | Exploits 0 | References 3
CNVD
added 2024/03/29 12:0 a.m. | 18 views

Ampache Cross-Site Scripting Vulnerability (CNVD-2024-15737)

Ampache is a web-based audio/video application and file manager. A cross-site scripting vulnerability exists in Ampache 6.2.1 and earlier versions, which stems from a lack of effective filtering and escaping of user-supplied data by the rule, and can be exploited by an attacker to execute arbitra...

CVSS 6.1 | AI score 6.3 | EPSS 0.00534 | Exploits 1 | References 1
OSV
added 2024/03/27 1:17 p.m. | 19 views

CVE-2024-28853 Ampache Stored XSS

Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to several parameters in the post request of...

CVSS 3.9 | AI score 5.2 | EPSS 0.00489 | Exploits 0 | References 3
Vulnrichment
added 2024/03/27 1:17 p.m. | 18 views

CVE-2024-28853 Ampache Stored XSS

Ampache is a web based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to several parameters in the post request of...

CVSS 3.9 | AI score 4.1 | EPSS 0.00489 | Exploits 0 | References 1
NVD
added 2023/10/04 8:15 p.m. | 23 views

CVE-2023-38537

A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability...

CVSS 5.6 | AI score 5.5 | EPSS 0.00111 | Exploits 0 | References 1
Vulnrichment
added 2023/10/04 7:9 p.m. | 13 views

CVE-2023-38537

A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability...

CVSS 5.6 | AI score 7.2 | EPSS 0.00111 | Exploits 0 | References 1
CVE
added 2023/02/27 8:16 p.m. | 67 views

CVE-2023-26041

The CVE-2023-26041 issue affects Nextcloud Talk: when cron jobs are misconfigured, expired messages are not actually expired and the API still returns them, with frontend hiding not applied. This results in conversations showing messages that should have expired. Affected product: Nextcloud Talk ...

CVSS 4.3 | AI score 4.3 | EPSS 0.0019 | Exploits 1 | References 3 | Affected Software 1
CNVD
added 2023/02/09 12:0 a.m. | 17 views

Ampache Cross-Site Scripting Vulnerability (CNVD-2023-07918)

Ampache is a web-based audio/video application and file manager. A cross-site scripting vulnerability exists in versions prior to Ampache 5.5.7, which stems from the fact that a user can insert malicious JS in URL-specific parameters and send links to other users, leading to a cross-site scripting...

CVSS 9.3 | AI score 2.3 | EPSS 0.00354 | Exploits 1 | References 1
OpenVAS
added 2022/11/29 12:0 a.m. | 18 views

FreeRDP < 2.8.1 Multiple Vulnerabilities

FreeRDP is prone to multiple vulnerabilities.

CVSS 7.5 | AI score 7.7 | EPSS 0.00347 | Exploits 0 | References 2
OpenVAS
added 2022/11/25 12:0 a.m. | 22 views

Mageia: Security Advisory (MGASA-2022-0437)

The remote host is missing an update for the...

CVSS 7.5 | AI score 6 | EPSS 0.00347 | Exploits 0 | References 8
AlpineLinux
added 2022/10/12 11:15 p.m. | 34 views

CVE-2022-39283

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the /video command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in...

CVSS 7.5 | AI score 3.4 | EPSS 0.00347 | Exploits 0
UbuntuCve
added 2022/10/12 11:15 p.m. | 28 views

CVE-2022-39283

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the /video command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in...

CVSS 7.5 | AI score 6.9 | EPSS 0.00347 | Exploits 0 | References 4
OSV
added 2022/10/12 12:0 a.m. | 15 views

CVE-2022-39283 FreeRDP may read and display out of bounds data

FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the /video command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in...

CVSS 5.9 | AI score 6.7 | EPSS 0.00347 | Exploits 0 | References 10
Prion
added 2021/07/12 7:15 p.m. | 24 views

Default credentials

Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and...

CVSS 4 | AI score 6.2 | EPSS 0.00257 | Exploits 0 | References 5 | Affected Software 1
The Hacker News
added 2021/06/16 7:0 a.m. | 113 views

Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek's software development kit (SDK) that could be abused by an adversary to gain improper access to audio and video streams. "Successful...

AI score 0.1 | EPSS 0.0011 | Exploits 0
UbuntuCve
added 2021/02/26 2:15 a.m. | 26 views

CVE-2021-23973

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...

CVSS 6.5 | AI score 6.9 | EPSS 0.00845 | Exploits 0 | References 10
Cvelist
added 2021/02/26 1:53 a.m. | 15 views

CVE-2021-23973

When trying to load a cross-origin resource in an audio/video context a decoding error may have resulted, and the content of that error may have revealed information about the resource. This vulnerability affects Firefox 86, Thunderbird 78.8, and Firefox ESR 78.8...

AI score 6.8 | EPSS 0.00845 | Exploits 0 | References 8
Veracode
added 2020/08/31 3:45 a.m. | 27 views

Information Disclosure

Firefox is vulnerable to information disclosure. The vulnerability exists as the MediaError message property leaks cross-origin response status when trying to load a non-video in an audio/video context...

CVSS 6.5 | AI score 1.4 | EPSS 0.00373 | Exploits 1 | References 3 | Affected Software 6
NVD
added 2020/08/07 8:15 p.m. | 6 views

CVE-2020-16167

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...

CVSS 9.1 | AI score 9.1 | EPSS 0.00494 | Exploits 1 | References 2
Prion
added 2020/08/07 8:15 p.m. | 15 views

Authentication flaw

Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...

CVSS 6.4 | AI score 8.8 | EPSS 0.00494 | Exploits 1 | References 2 | Affected Software 1