Astra Linux - уязвимость в firefox, thunderbird

When checking whether the Browsing Context was discarded in HttpBaseChannel, if the load group was not available, it was assumed that the Browsing Context had already been discarded. However, this assumption was not always true for private channels after the private session ended. This...

CVE-2026-34765

CVE-2026-34765 : Electron prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5 has a window.open() targeting flaw where the named-window lookup is not scoped to the opener’s browsing context group. A renderer could navigate a child window opened by a different renderer if both share the same targe...

CVE-2026-34765 Electron named window.open targets not scoped to the opener's browsing context

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing...

USN-7991-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

Researchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking Data

Cybersecurity researchers have disclosed a new set of vulnerabilities impacting OpenAI's ChatGPT artificial intelligence AI chatbot that could be exploited by an attacker to steal personal information from users' memories and chat histories without their knowledge. The seven vulnerabilities and...

EUVD-2023-54437

Malicious code in bioql PyPI...

EUVD-2023-27700

Malicious code in bioql PyPI...

USN-7663-1 thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVE-2023-23600

Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions. This bug only affects Firefox for Android. Other...

CVE-2024-39307 Cross-Site Scripting (XSS) vulnerability via crafted ebooks in Kavita

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1...

CVE-2024-35236 Audiobookshelf Cross-Site-Scripting vulnerability via crafted ebooks

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges upload, creation of libraries can lead to remote code execution RCE in t...

USN-6515-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

RLSA-2023:4954 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0. Security Fixes: Mozilla: Memory corruption in IPC CanvasTranslator CVE-2023-4573 Mozilla: Memory corruption in IPC ColorPickerShownCallback CVE-2023-4574 Mozilla: Memory corruption...

DEBIAN-CVE-2023-4583

When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox 117, Firef...

CVE-2023-4583

When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox 117, Firef...

Design/Logic Flaw

When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox 117, Firef...

CVE-2023-4583 Browsing Context potentially not cleared when closing Private Window

When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox 117, Firef...

CVE-2023-4583

When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox 117, Firef...

CVE-2023-4583

CVE-2023-4583 concerns a logic issue in the HTTP/Browsing Context handling within Mozilla Firefox/Thunderbird. The flaw occurs when HttpBaseChannel checks whether a Browsing Context has been discarded; if the load group is unavailable, it may assume discard even for private channels after a priva...

CVE-2023-4583

When checking if the Browsing Context had been discarded in HttpBaseChannel, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox 117, Firef...