289 matches found
Astra Linux - vulnerability in firefox, thunderbird
Cross-compartment wrappers used to wrap a scripted proxy might have caused objects from other compartments to be stored in the main compartment, resulting in a “use-after-free” error after unwrapping the proxy. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
Astra Linux - vulnerability in firefox, thunderbird
Cross-compartment wrappers used to wrap a scripted proxy might have caused objects from other compartments to be stored in the main compartment, resulting in a “use-after-free” vulnerability. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...
Astra Linux - vulnerability in firefox, thunderbird
The JavaScript garbage collector might incorrectly color cross-compartment objects if OOM conditions are detected at the right time between two passes. This could lead to memory corruption. This vulnerability affects Firefox 130, Firefox ESR 128.2, Firefox ESR 115.15, Thunderbird 128.2, and...
CVE-2026-24487 OpenEMR has FHIR Patient Compartment Bypass in CareTeam Resource
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource endpoint allows patient-scoped FHIR tokens to access care team data for all patients instead of bein...
MiracleLinux 8 : thunderbird-128.2.0-1.el8_10.ML.1 (AXSA:2024-8858:20)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8858:20 advisory. thunderbird: 115.15/128.2 mozilla: Type confusion when looking up a property name in a with block CVE-2024-8381 mozilla: Internal event interfaces...
EUVD-2018-10228
Malware in sbrugna...
EUVD-2023-41122
Malicious code in bioql PyPI...
EUVD-2025-1572
Malicious code in bioql PyPI...
EUVD-2023-29642
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-37202
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a...
Surveilling Your Children with AirTags
Skechers is making a line of kid's shoes with a hidden compartment for an AirTag...
CVE-2025-32792
SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using ses and the Compartment API to evaluate third-party code in an isolated execution environment that hav...
CVE-2025-32792 ses's global contour bindings leak into Compartment lexical scope
SES safely executes third-party JavaScript 'strict' mode programs in compartments that have no excess authority in their global scope. Prior to version 1.12.0, web pages and web extensions using ses and the Compartment API to evaluate third-party code in an isolated execution environment that hav...
ses's global contour bindings leak into Compartment lexical scope
Impact: Web pages and web extensions using ses and the Compartment API to evaluate third-party code in an isolated execution environment that have also elsewhere used const, let, and class bindings in the top-level scope of a <script> tag will have inadvertently revealed these bindings in the lexical scope...
FreeBSD : Mozilla -- use-after-free while parsing JSON (f1f92cd3-116c-11f0-8b2c-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f1f92cd3-116c-11f0-8b2c-b42e991fc52e advisory. [email protected] reports: Parsing a JavaScript module as JSON could, under some circumstances, caus...
Linux Distros Unpatched Vulnerability : CVE-2025-0240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability wa...
OESA-2025-1049 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects...
MGASA-2025-0009 Updated firefox packages fix security vulnerabilities
WebChannel APIs susceptible to confused deputy attack. CVE-2025-0237 Use-after-free when breaking lines in text. CVE-2025-0238 Alt-Svc ALPN validation failure when redirected. CVE-2025-0239 Compartment mismatch when parsing JavaScript JSON module. CVE-2025-0240 Memory corruption when using...
firefox: Compartment mismatch when parsing JavaScript JSON module
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free...