125 matches found
CVE-2026-34772
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...
CVE-2026-34772 Electron: Use-after-free in download save dialog callback
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...
CVE-2026-34772 Electron: Use-after-free in download save dialog callback
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...
Use After Free
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the download save dialog callback process. An attacker can cause a crash or memory...
PT-2026-30002
Impact Apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps tha...
EUVD-2012-4087
Malware in sbrugna...
EUVD-2005-2408
Malware in sbrugna...
EUVD-2016-3030
Malware in sbrugna...
EUVD-2025-12656
Malicious code in bioql PyPI...
CVE-2012-4143
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924...
SUSE CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.. This vulnerability was fixed in Firefox 138...
CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.. This vulnerability was fixed in Firefox 138...
CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability affects Firefox 138 and...
UBUNTU-CVE-2025-4086
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 138 and Thunderbir...
CVE-2025-4086 Specially crafted filename could be used to obscure download type
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.. This vulnerability was fixed in Firefox 138...
CVE-2025-4086
CVE-2025-4086 affects Thunderbird for Android and Firefox/ Thunderbird versions earlier than 138. The issue is triggered by a filename containing a large number of encoded newline characters that can obscure the file extension in the download dialog, potentially misleading users about the downloa...
CVE-2025-4086 Specially crafted filename could be used to obscure download type
A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.. This vulnerability was fixed in Firefox 138...
The vulnerability of the Mozilla Firefox browser on Android operating systems involves a false representation of critical information to the user’s interface, allowing attackers to perform spear-phishing attacks.
The vulnerability of the Mozilla Firefox browser on Android operating systems is related to incomplete display of file names in the download dialog window. Exploiting this vulnerability allows a remote attacker to perform spearishing attacks...
Unspecified Vulnerability in Mozilla Firefox (CNVD-2024-44471)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 131, which stems from the fact that a specially crafted filename containing a large number of spaces may obscure the file's...
CVE-2024-9395
A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 131...