CVE-2025-6427

An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox 140 and Thunderbird 140...

UBUNTU-CVE-2025-6435

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...

CVE-2025-6435 Save as in Devtools could download files without sanitizing the extension

If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and...

CVE-2025-6435

CVE-2025-6435 corresponds to a Mozilla Firefox/Thunderbird issue where saving a response from Devtools Network tab via the Save As menu may fail to preserve the .download extension. This could allow a user to inadvertently run a malicious executable. The FreeBSD advisory also notes memory safety ...

CVE-2025-6427

An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from insufficient DevTools data validation, which can be exploited by an attacker to execute arbitrary code via a crafted HTML page...

Google Chrome < 138.0.7204.49 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 138.0.7204.49. It is, therefore, affected by multiple vulnerabilities as referenced in the 202506stable-channel-update-for-desktop24 advisory. - Insufficient data validation in DevTools in Google Chrome on Windows prior t...

PT-2025-26732

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The issue arises when a user saves a response from the Network tab in Devtools using the Save As context menu option. In this scenario, the saved file may not have the .download file extension,...

PT-2025-26787 · Google +1 · Google Chrome +1

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 138.0.7204.49 Description: Insufficient data validation in DevTools in Google Chrome on Windows allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a...

FreeBSD : Firefox -- content injection attack (a3291f81-3d7c-11f0-9a55-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a3291f81-3d7c-11f0-9a55-b42e991fc52e advisory. [email protected] reports: Previewing a response in Devtools ignored CSP headers, which could have...

CVE-2025-5271

Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability affects Firefox 139 and Thunderbird 139...

UBUNTU-CVE-2025-5271

Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and Thunderbird 139...

CVE-2025-5271

Summary : CVE-2025-5271 corresponds to a vulnerability where Devtools’ preview of responses failed to enforce CSP headers, potentially enabling content-injection attacks. The public records indicate affected products include Mozilla Firefox version prior to 139 and Mozilla Thunderbird prior to 13...

Firefox -- content injection attack

[email protected] reports: Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks...

Fedora: Security Advisory (FEDORA-2025-eab322e215)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2025-0159 Updated chromium-browser-stable packages fix security vulnerabilities

Heap buffer overflow in HTML. CVE-2025-4096 Out of bounds memory access in DevTools. CVE-2025-4050 Insufficient data validation in DevTools. CVE-2025-4051 Inappropriate implementation in DevTools. CVE-2025-4052 Use after free in WebAudio. CVE-2025-4372 Insufficient policy enforcement in Loader...

Updated chromium-browser-stable packages fix security vulnerabilities

Heap buffer overflow in HTML. CVE-2025-4096 Out of bounds memory access in DevTools. CVE-2025-4050 Insufficient data validation in DevTools. CVE-2025-4051 Inappropriate implementation in DevTools. CVE-2025-4052 Use after free in WebAudio. CVE-2025-4372 Insufficient policy enforcement in Loader...

CVE-2023-5718

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...

CVE-2022-24072

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool...

Google Chrome Code Execution Vulnerability (CNVD-2025-10054)

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome prior to version 136.0.7103.59, which stems from an out-of-bounds memory access in DevTools, and can be exploited by an attacker to cause heap corruption...