Astra Linux - уязвимость в firefox

Setting a nameless cookie with an equals sign in its value can shadow other cookies. This occurs even if the nameless cookie is set via HTTP, and if the shadowed cookie includes the Secure attribute. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird...

Unity Linux 20.1070a Security Update: firefox (UTSA-2025-987443)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987443 advisory. The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox 14...

EUVD-2025-25230

Malicious code in bioql PyPI...

CVE-2025-54143

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...

TencentOS Server 3: firefox (TSSA-2025:0695)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0695 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2025-8364

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Note: This issue only affected Android operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 141...

CVE-2025-8042

Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability affects Firefox 141...

CVE-2025-54143

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS 141...

CVE-2025-54145

The CVE-2025-54145 issue affects Mozilla Firefox for iOS, specifically versions before 141. The vulnerability arises from the QR scanner and Firefox’s open-text URL scheme, which could cause a user to load arbitrary websites. Documented impact is high (H) with user interaction required and no pri...

CVE-2025-54144 Internal Firefox open-text URL scheme allowed loading of arbitrary URLs

The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141...

CVE-2025-8364

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Note: This issue only affected Android operating systems. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 141...

CVE-2025-8364 Address bar spoofing using an blob URI on Firefox for Android

A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack. Note: This issue only affected Android operating systems. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 141...

Linux Distros Unpatched Vulnerability : CVE-2025-8043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141. CVE-2025-8043 Note that Nessus...

SUSE CVE-2025-8043

Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141...

SUSE CVE-2025-8044

Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141 and Thunderbird 141...

CVE-2025-8044

Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 141 and Thunderbird 141...

CVE-2025-8038

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1...

UBUNTU-CVE-2025-8044

Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141 and Thunderbird 141...

UBUNTU-CVE-2025-8043

Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141...