Astra Linux - уязвимость в firefox, thunderbird

Memory safety bugs exist in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141, and Thunderbird 141. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability ha...

CVE-2025-13226

CVE-2025-13226 is a Type Confusion in V8 affecting Google Chrome before 142.0.7444.59, enabling potential heap corruption via a crafted HTML page and, per the CVE entry, remote impact. The connected documents indicate the issue is addressed in the Chrome 142 release (Chrome 142.0.7444.59/60), wit...

CVE-2025-12725

Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

CVE-2025-12429

The CVE concerns Google Chrome’s V8: an inappropriate implementation allowed arbitrary read/write via a crafted HTML page in versions prior to 142.0.7444.59. It is rated High severity with a network vector and no user interaction required. Remediation is to upgrade to 142.0.7444.59 or newer (Chro...

CVE-2025-12428

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

EUVD-2025-25241

Malicious code in bioql PyPI...

Mozilla Focus for iOS cross-site scripting vulnerability (CNVD-2025-19558)

Mozilla Focus for iOS is a privacy browser from the US-based Mozilla Foundation designed for iOS devices. A cross-site scripting vulnerability exists in Mozilla Focus for iOS prior to version 142, which stems from an improper handling of the Content-Disposition header, and can be exploited by an...

Mozilla Firefox for iOS Cross-Site Scripting Vulnerability (CNVD-2025-19567)

Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A cross-site scripting vulnerability exists in Mozilla Firefox for iOS prior to version 142, which stems from an improper handling of the Content-Disposition header and can be exploited by an...

Mozilla Focus for iOS Cross-Site Scripting Vulnerability (CNVD-2025-19557)

Mozilla Focus for iOS is a privacy browser from the US-based Mozilla Foundation designed for iOS devices. A cross-site scripting vulnerability exists in versions prior to Mozilla Focus for iOS 142, which can be exploited by an attacker to execute arbitrary web script or HTML via injection of a...

CVE-2025-55032

Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability was fixed in Focus for iOS 142...

CVE-2025-9186

Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability was fixed in Firefox 142...

CVE-2025-9187

Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142 and Thunderbird 142...

CVE-2025-9185

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

CVE-2025-9186

Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox 142...

CVE-2025-9186

Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox 142...

CVE-2025-9181

Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2...

CVE-2025-9182

Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2...

CVE-2025-9179

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14,...

DEBIAN-CVE-2025-9181

Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2...

CVE-2025-55030

Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks This vulnerability affects Firefox for iOS 142...