20 matches found

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in Firefox

An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140...

CVSS 9.1 | AI score 5.8 | EPSS 0.00317
Exploits: 0 | References: 2

CNNVD
added 2026/04/21 12:0 a.m., 5 views

Multiple Mozilla products security vulnerability

Mozilla Firefox and others are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is an extended support version of the Firefox web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...

CVSS 8.8 | AI score 5.8 | EPSS 0.00048
Exploits: 0 | References: 1

OSV
added 2026/04/07 1:16 p.m., 0 views

DEBIAN-CVE-2026-5732

Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1...

CVSS 8.8 | AI score 5.3 | EPSS 0.00046
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/28 7:39 a.m., 1 view

CVE-2026-0818 CSS-based exfiltration of the content from partially encrypted emails when allowing remote content

When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If...

AI score 7.5 | EPSS 0.00008
Exploits: 0 | References: 3

CVE
added 2025/11/07 11:23 p.m., 7 views

CVE-2025-12909

CVE-2025-12909 affects Google Chrome via Devtools: Insufficient policy enforcement in Devtools allows a remote attacker to leak cross-origin data. The vulnerability is tied to Chrome versions before 140.0.7339.80. Affected component: Devtools policy enforcement in Chrome/Chromium. Impact per sour...

CVSS 5.3 | AI score 6.2 | EPSS 0.00049
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2025/11/07 11:23 p.m., 20 views

CVE-2025-12907

CVE-2025-12907 affects Google Chrome DevTools (in Chrome prior to 140.0.7339.80). The issue is insufficient validation of untrusted input in DevTools, enabling a remote attacker to achieve arbitrary code execution via user actions in DevTools. Connected sources confirm the vulnerability exists in...

CVSS 8.8 | AI score 7.3 | EPSS 0.00162
Exploits: 3 | References: 2 | Affected Software: 1

CVE
added 2025/09/24 4:17 p.m., 27 views

CVE-2025-10501

CVE-2025-10501 is a use-after-free in WebRTC within Chromium-based Chrome before version 140.0.7339.185. The vulnerability stems from heap corruption risk via crafted HTML, enabling remote attackers to potentially exploit memory safety. Connected sources confirm this exact flaw across multiple di...

CVSS 8.8 | AI score 6.9 | EPSS 0.00166
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Google Chrome < 140.0.7339.132 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 140.0.7339.132. It is, therefore, affected by multiple vulnerabilities as referenced in the 202509stable-channel-update-for-desktop9 advisory. - Inappropriate implementation in Mojo in Google Chrome on Android, Linux,...

CVSS 8.8 | AI score 6 | EPSS 0.00118
Exploits: 0 | References: 5

CNNVD
added 2025/09/02 12:0 a.m., 1 view

Google Chrome security vulnerability

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome versions prior to 140.0.7339.80, which stems from an improper implementation of toolbars that could lead to domain spoofing...

CVSS 5.4 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 3

SUSE CVE
added 2025/06/24 11:24 p.m., 1 view

SUSE CVE-2025-6431

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...

CVSS 5.8 | AI score 5.8 | EPSS 0.00181
Exploits: 0 | References: 5

SUSE CVE
added 2025/06/24 11:24 p.m., 2 views

SUSE CVE-2025-6434

The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140 and Thunderbird 1...

CVSS 5.4 | AI score 5.8 | EPSS 0.00171
Exploits: 0 | References: 6

AlpineLinux
added 2025/06/24 1:15 p.m., 3 views

CVE-2025-6435

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability affects Firefox 140 and...

CVSS 8.1 | AI score 6.6 | EPSS 0.00505
Exploits: 0 | References: 4

OSV
added 2025/06/24 1:15 p.m., 0 views

CVE-2025-6432

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox 140 and Thunderbird 140...

CVSS 8.6 | AI score 5.8 | EPSS 0.00412
Exploits: 0 | References: 3

OSV
added 2025/06/24 1:15 p.m., 4 views

CVE-2025-6431

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...

CVSS 6.5 | AI score 5.8 | EPSS 0.00181
Exploits: 0 | References: 2

AlpineLinux
added 2025/06/24 1:15 p.m., 2 views

CVE-2025-6428

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 140...

CVSS 4.3 | AI score 6.6 | EPSS 0.00177
Exploits: 1 | References: 2

AlpineLinux
added 2025/06/24 1:15 p.m., 2 views

CVE-2025-6427

An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox 140 and Thunderbird 140...

CVSS 9.1 | AI score 6.5 | EPSS 0.00317
Exploits: 0 | References: 3

OSV
added 2025/06/24 1:15 p.m., 0 views

UBUNTU-CVE-2025-6428

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability was fixed in Firefox 140...

CVSS 4.3 | AI score 5.8 | EPSS 0.00177
Exploits: 1 | References: 5

OSV
added 2025/06/24 1:15 p.m., 0 views

UBUNTU-CVE-2025-6435

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...

CVSS 8.1 | AI score 7.2 | EPSS 0.00505
Exploits: 0 | References: 7

CNNVD
added 2025/06/24 12:0 a.m., 3 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 140, which stems from allowing WebAuthn challenges despite invalid TLS certificates, which could lead to security risks...

CVSS 9.8 | AI score 8.6 | EPSS 0.0019
Exploits: 0 | References: 4

CNNVD
added 2025/06/24 12:0 a.m., 2 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 140, which stems from a memory security issue that could lead to memory corruption and the execution of arbitrary code...

CVSS 8.1 | AI score 7.7 | EPSS 0.00511
Exploits: 0 | References: 4