thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking

The Mozilla Foundation's Security Advisory describes the following issue: It is possible to craft an email that shows a tracking link as an attachment. If the user attempts to open the attachment, Thunderbird automatically accesses the link. The configuration to block remote content does not...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential...

CVE-2002-2341

Cross-site scripting XSS vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL...

CVE-2025-24172

A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. "Block All Remote Content" may not apply for all mail previews...

Apple macOS 安全漏洞

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS, which stems from the fact that blocking all remote content may not apply to all mail previews...

SUSE CVE-2017-7835

Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...

Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content

The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...

Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content

The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...

Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content

The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...

Mozilla Firefox Security Advisory (MFSA2021-38) - Linux

The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2021-38. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

Ubuntu: Security Advisory (USN-5074-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox Security Advisories (MFSA2021-31, MFSA2021-42) - Windows

This host is missing a security update according to Mozilla. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Mozilla Firefox Security Advisories (MFSA2021-31, MFSA2021-42) - Mac OS X

This host is missing a security update according to Mozilla. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

多款Apple产品安全漏洞

Apple iOS and others are products of Apple Inc.Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for iPad tablets.Apple macOS Monterey is the 18th major version of macOS, the operating system for the Macintosh desktop.... A security vulnerability...

OPENSUSE-SU-2019:2664-1 Security update for opera

This update for opera fixes the following issues: Opera was updated to version 65.0.3467.62 - CHR-7658 Update chromium on desktop-stable-78-3467 to 78.0.3904.108 - DNA-81387 Remove support for old bundle structure in signing scripts - DNA-81675 Update widevine signature localisation in signed...

Mozilla Firefox 65 Ups the Ante on Privacy with Anti-Tracking Efforts

Mozilla has unveiled new anti-tracking policies and redesigned privacy controls in tandem with the release of Firefox 65 on Tuesday. The company announced a new set of redesigned controls for the Content Blocking section, where users can choose their desired level of privacy protection. These are...

Security update for Chromium (important)

This update to Chromium 71.0.3578.98 fixes the following issues: Security issues fixed boo1118529: - CVE-2018-17480: Out of bounds write in V8 - CVE-2018-17481: Use after frees in PDFium - CVE-2018-18335: Heap buffer overflow in Skia - CVE-2018-18336: Use after free in PDFium - CVE-2018-18337: Us...

WordPad Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects. An attacker who successfully exploited the vulnerability could bypass content blocking. In a file-sharing attack scenario, an attacker could provide a specially crafted document file...

CVE-2017-7835

Mixed content blocking of insecure HTTP sub-resources in a secure HTTPS document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox 57...