11 matches found
CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options
NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options 'nsid', 'answer-cookie', 'pad-responses' default need to be enabl...
CVE-2025-31491 AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this or other servers to which the cookies match create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error. This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
...
Firefox SVG Cross-Domain Cookie Injection Vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A cross-domain cookie injection vulnerability exists in the Firefox SVG element, which can be exploited by an attacker to inject arbitrary web script or HTML code...
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 OS X El Capitan 10.11 is now available and addresses the following: Address Book Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework Description: An issu...
Apple Mac OS X/iOS CFNetwork HTTPProtocol Cross Domain COOKIE Disclosure Vulnerability
Apple Mac OS X is an operating system developed by Apple Inc. Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A cross-domain COOKIE disclosure vulnerability in the Apple Mac OS X/iOS CFNetwork HTTPProtocol handling redirection allows attackers to explo...
SuSE9 Security Update : epiphany (YOU Patch Number 12519)
This update brings the Mozilla SeaMonkey Suite packages to the current stable release 1.1.17. Due to the major version update some incompatibilities might appear. It fixes all currently published security issues, including but not limited to : - Same-origin violations when Adobe Flash loaded via...
SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 1001)
The Mozilla Firefox browser was updated to version 3.0.11, fixing various bugs and security issues : - Crashes with evidence of memory corruption rv:1.9.0.11. MFSA 2009-24 / CVE-2009-1392 / CVE-2009-1832 / CVE-2009-1833 - bmo479413 URL spoofing with invalid unicode characters. MFSA 2009-25 /...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: MFSA 2009-32 JavaScript chrome privilege escalation MFSA 2009-31 XUL scripts bypass content-policy checks MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar MFSA 2009-29 Arbitrary code execution using event listeners attached to an element...