Unity Linux 20.1070a Security Update: firefox (UTSA-2025-987441)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987441 advisory. When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a or tag, potentially making a...

Linux Distros Unpatched Vulnerability : CVE-2018-6091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Service Workers can intercept any request made by an or tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin...

Linux Distros Unpatched Vulnerability : CVE-2024-10458

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR...

Linux Distros Unpatched Vulnerability : CVE-2025-6430

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a or tag, potentially making ...

firefox: thunderbird: Content-Disposition header ignored when a file is included in an embed or object tag

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a or tag, potentially making a website vulnerab...

firefox: thunderbird: Content-Disposition header ignored when a file is included in an embed or object tag

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a or tag, potentially making a website vulnerab...

SUSE CVE-2025-6430

When a file download is specified via the Content-Disposition header, that directive would be ignored if the file was included via a embed or object tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12,...

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open-source Web browser.Mozilla Thunderbird is a separate set of Mozilla Application Suite Email client software. The software supports IMAP, POP mail protocols, and HTML mail...

Tikiwiki 1.9.7 HTML/embed object injection

Tikiwiki Version: 1.9.7 Example Address http://example.com/tiki-remindpassword.php Overview: The following codes can be added to the HTML password page by placing the HTML codes in the user name input box and hitting the "send me my password" button. Examples: 1.brbrbuXSS/u/b 2.EMBED...