EUVD-2020-27957

Malware in sbrugna...

EUVD-2020-4704

Malware in sbrugna...

EUVD-2025-12687

Malicious code in bioql PyPI...

FreeBSD : Mozilla -- Insufficient input escaping (44b3048b-685e-11f0-a12d-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 44b3048b-685e-11f0-a12d-b42e991fc52e advisory. [email protected] reports: Insufficient escaping in the Copy as cURL feature could potentially be us...

CVE-2025-8030 Potential user-assisted code execution in “Copy as cURL” command

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

Mozilla Thunderbird < 128.13

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-62 advisory. - Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbir...

FreeBSD : Mozilla -- local code execution (5ec0b4e5-4222-11f0-976e-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5ec0b4e5-4222-11f0-976e-b42e991fc52e advisory. [email protected] reports: Due to insufficient escaping of the newline character in the Copy as cURL...

CVE-2025-5264

Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbir...

FreeBSD : Mozilla -- insufficient character escaping (a59bd59e-2e85-11f0-a989-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a59bd59e-2e85-11f0-a989-b42e991fc52e advisory. [email protected] reports: Due to insufficient escaping of special characters in the copy as cURL...

CVE-2025-4089

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138...

CVE-2025-4089 Potential local code execution in "copy as cURL" command

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138...

CVE-2025-4089

Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 138 and Thunderbird 138...

PT-2025-18158

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 138 Thunderbird versions prior to 138 Description The issue arises from insufficient escaping of special characters in the "copy as cURL" feature. This could allow an attacker to trick a user into executing a command,...

Security fix for the ALT Linux 10 package firefox-esr version 91.5.0-alt1

91.5.0-alt1 built Jan. 19, 2022 Andrey Cherepanov in task 293339 Jan. 11, 2022 Andrey Cherepanov - New ESR version. - Security fixes: + CVE-2022-22746 Calling into reportValidity could have lead to fullscreen window spoof + CVE-2022-22743 Browser window spoof using fullscreen mode + CVE-2022-2274...

Mozilla Firefox Security Advisories (MFSA2021-55, MFSA2022-03) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Arbitrary Code Execution

firefox is vulnerable to arbitrary code execution. The vulnerability exists as the Copy as cURL feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website...

Ubuntu: Security Advisory (USN-4353-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Vulnerabilities fixed in Firefox ESR 68.8 — Mozilla

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.Note: this issue only affects Firef...

Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4335-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an...

CVE-2020-6811

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command...