Astra Linux - уязвимость в firefox

The documents incorrectly assumed a certain order of principal objects when determining whether we were loading an appropriately privileged principal. In certain circumstances, it might have been possible for a document to be loaded with a more privileged principal than intended. This vulnerabili...

CVE-2026-34148

CVE-2026-34148 – Fedify resource exhaustion via unbounded redirects . Affected: @fedify/fedify (Fedify) before versions 1.9.6, 1.10.5, 2.0.8, 2.1.1. Description in connected docs confirms that the remote and authenticated document loaders recursively follow HTTP 3xx redirects without a maximum re...

EUVD-2018-3789

Malware in sbrugna...

EUVD-2025-22365

Malicious code in bioql PyPI...

EUVD-2023-31869

Malicious code in bioql PyPI...

firefox: thunderbird: XSLT documents could bypass CSP

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...

firefox: thunderbird: XSLT documents could bypass CSP

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...

CVE-2025-8032

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVE-2025-8032

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVE-2025-8032 XSLT documents could bypass CSP

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVE-2025-8032 XSLT documents could bypass CSP

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVE-2025-8032

CVE-2025-8032 involves an XSLT loading flaw where the source document was not propagated, allowing a CSP bypass in Mozilla components. Affected products/versions (per provided sources): Firefox and Thunderbird lines including Firefox < 141, Firefox ESR < 128.13 and < 140.1, Thunderbird &...

CVE-2023-32210

Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability...

CVE-2012-6463

Cross-site scripting XSS vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an unspecified sequence of loading of documents and loading of data: URLs...

CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

RHEL 9 : libreoffice (RHSA-2023:6508)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6508 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

CVE-2023-32210

Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability...

CVE-2023-32210

Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability...

CVE-2022-3034

CVE-2022-3034 describes a vulnerability in Mozilla Thunderbird where receiving an HTML email that requests loading an iframe from a remote location causes the browser to fetch the remote document, even though Thunderbird does not display it. The issue affects Thunderbird versions prior to 102.2.1...