SUSE-SU-2025:02777-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Updated to version 2.48.5: - CVE-2025-31273: Fixed a vulnerability where processing maliciously crafted web content could lead to memory corruption. bsc1247564 - CVE-2025-31278: Fixed a vulnerability where processing maliciously crafted web...

Mozilla: Blob URLs may have been granted additional privileges

If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the System Principal and granted additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...

CVE-2018-5142

If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for...

Mozilla: Blob and data URLs bypass phishing and malware protection warnings (MFSA 2017-22)

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise ...

Mozilla Firefox URL Spoofing Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Thunderbird is a mail tool adapted from the mail widget of the Mozilla browser. A URL spoofing vulnerability exists in Mozilla Firefox, where an attack can use a blob URL and a script to spoof arbitrary...