8 matches found
SUSE-SU-2026:2852-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues Update to Firefox 140.12.0 ESR MFSA 2026-58, bsc1268071: - CVE-2026-12289: Privilege escalation in the Graphics: WebRender component. - CVE-2026-12290: Memory safety bug fixed in Firefox ESR 140.12. - CVE-2026-12291: Use-after-free in...
CVE-2026-56022
Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header, allowing bypass of additional MFA requirements. Fixed in 2.641...
Linux Distros Unpatched Vulnerability : CVE-2026-6760
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. CVE-2026-6760 Note that Nessus relies o...
CVE-2024-20869
Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies...
Mozilla Firefox Security Advisory (MFSA2023-22) - Linux
The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2023-22. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
GHSA-PX8H-6QXV-M22Q Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain. Werkzeug = 2.2.2 will parse the cookie =Host-test=bad as...
CVE-2023-23934 Wrkzeug's incorrect parsing of nameless cookies leads to __Host- cookies bypass
Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =Host-test=bad for another subdomain...
Mozilla: Reader mode bypassed SameSite cookies
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of requests initiated through the reader mode did not properly omit cookies with a SameSite attribute...