CVE-2026-2757

Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability affects Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

Google to Block Entrust Certificates in Chrome Starting November 2024

Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...

a-blog cms security breach

a-blog cms is a Japanese content management system CMS. A security vulnerability exists in a-blog cms that originates from a user with Contributor or higher privileges being able to execute arbitrary scripts on the user's web browser. The following products and versions are affected: a-blog cms...

CVE-2023-28162

While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

SUSE CVE-2022-22737

Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

cg (>=1.0.0 <=16.3.4) potentially affected by CVE-2022-1554 via scout-browser (>=4.24.0 <=4.51.0)

scout-browser PYPI version =4.24.0, =1.0.0, =16.3.4 Source cves: CVE-2022-1554 Source advisory: OSV:GHSA-694V-63FQ-FMR4...

CVE-2022-28795

A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger the Password Manager Extension to fill in the password field automatically. An attacker could then...

UBUNTU-CVE-2018-4270

A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6...

Microsoft Internet Explorer and Microsoft Edge Remote Memory Corruption Vulnerability (CNVD-2017-12095)

Microsoft Internet Explorer IE and Microsoft Edge are both web browsers developed by the American company Microsoft. The former is the default browser that came with operating systems before Windows 10, and the latter is the default browser that comes with the latest operating system, Windows 10....

chromium-browser: ui spoofing in blink

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page...

UBUNTU-CVE-2017-5378

Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird 45.7, Firefox ESR 45....

StoreFront Header Branding Logo Display shows distorted when zoom is applied to browser (chrome, IE, Edge, Firefox)

When a custom logo is applied to a StoreWeb in Storefront 3.x and zoom feature on browser is used, the logo will be cut off and will not be displayed properly. This behavior can be seen in multiple browser versions...

Apple WebKit Arbitrary Code Execution Vulnerability (CNVD-2016-03507)

Apple WebKit is the open source web browser engine. An arbitrary code execution vulnerability exists in WebKit in Apple iOS prior to 9.3.2, tvOS prior to 9.2.1, and Safari prior to 9.1.1, which can be exploited by attackers to execute arbitrary code with the help of specially crafted web content...

Apple Safari WebKit bypasses same-origin policy vulnerability (CNVD-2015-02943)

WebKit is the open source web browser engine currently used by Safari, Chrome and other browsers. A bypass same-origin policy vulnerability exists in Apple Safari before 6.2.6, 7.1.6 before 7.x,8.0.6 before 8.x using WebKit's history implementation, which allows remote attackers to bypass the...

PT-2010-2251 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 8 Description: The issue arises from improper handling of objects in memory, allowing remote attackers to execute arbitrary code by accessing an object that was not properly initialized or has be...

Internet Explorer Version Less than 12

Internet Explorer Version Less than 12...