Astra Linux – Vulnerability in Firefox, Thunderbird

When accessing directory listings for chrome:// URLs as source text, certain parameters are reflected. This vulnerability affects Firefox ESR 102.1, Firefox ESR 91.12, Firefox 103, Thunderbird 102.1, and Thunderbird 91.12...

UBUNTU-CVE-2025-3522

Thunderbird processes the X-Mozilla-External-Attachment-URL header to handle attachments which can be hosted externally. When an email is opened, Thunderbird accesses the specified URL to determine file size, and navigates to it when the user clicks the attachment. Because the URL is not validate...

SUSE CVE-2020-6522

Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

SUSE CVE-2021-30574

Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Mozilla: Directory indexes for bundled resources reflected URL parameters

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when visiting directory listings for chrome:// URLs as source text, some parameters were reflected...

Mozilla: Directory indexes for bundled resources reflected URL parameters

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when visiting directory listings for chrome:// URLs as source text, some parameters were reflected...

Mozilla: Directory indexes for bundled resources reflected URL parameters

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when visiting directory listings for chrome:// URLs as source text, some parameters were reflected...

The vulnerability of the Protocol Handling component in the Google Chrome web browser allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the Protocol Handling component in the Google Chrome web browser is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure or execute arbitrary code by opening a specially crafted malicious web pa...

UBUNTU-CVE-2021-30574

Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2020-6522

Inappropriate implementation in external protocol handlers in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

The vulnerability of the Bookmarks component in Google Chrome allows a hacker to execute a JavaScript script on pages with the URL chrome://.

The vulnerability of the Bookmarks component in Google Chrome browser is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute a JavaScript script on the chrome:// page remotely, using a specially crafted tab...

Firefox arbitrary JavaScript code execution

Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."...

vulnerabilities: CVE-2006-{3113,3677,3801-3812}

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links...