firefox: thunderbird: Sandbox escape due to integer overflow in the Graphics component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to integer overflow in the Graphics component...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7,...

Moderate: glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: Integer overflow in in...

MiracleLinux 8 : firefox-140.7.0-1.el8_10.ML.1 (AXSA:2026-056:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-056:02 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox...

ALSA-2026:0936 Moderate: glib2 security update

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fixes: glib: Integer overflow in in...

ALPINE-CVE-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

CVE-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

Updated thunderbird packages fix security vulnerabilities

Mitigation bypass in the DOM: Security component. CVE-2026-0877 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics component. CVE-2026-0879 Sandbox escape due to integer...

MGASA-2026-0013 Updated nss & firefox packages fix security vulnerabilities

Mitigation bypass in the DOM: Security component. CVE-2026-0877 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics component. CVE-2026-0879 Sandbox escape due to integer...

VulnCheck KEV: CVE-2025-2857

Following the recent Chrome sandbox escape CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was...

MiracleLinux 4 : postgresql-8.4.20-8.0.1.AXS4 (AXSA:2021-1754:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1754:02 advisory. postgresql: Reconnection can downgrade connection security settings CVE-2020-25694 postgresql: Multiple features escape security restricted operatio...

MiracleLinux 8 : tracker-miners-2.1.5-2.el8_9.1 (AXSA:2024-7359:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7359:01 advisory. tracker-miners: sandbox escape CVE-2023-5557 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note tha...

MiracleLinux 8 : flatpak-1.10.8-1.el8 (AXSA:2023-7197:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7197:04 advisory. flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console CVE-2023-28100 flatpak: Metadata with ANSI control codes can...

MiracleLinux 9 : buildah-1.31.5-1.el9_3 (AXSA:2024-7725:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7725:02 advisory. buildah: full container escape at build time CVE-2024-1753 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-7737:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7737:01 advisory. podman: full container escape at build time CVE-2024-1753 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 9 : lua-5.4.4-2.el9 (AXSA:2023-5175:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5175:02 advisory. lua: use after free allows Sandbox Escape CVE-2021-44964 lua: stack overflow in luaresume of ldo.c allows a DoS via a crafted script file...

MiracleLinux 9 : podman-4.9.4-3.el9 (AXSA:2024-8089:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8089:04 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

MiracleLinux 9 : flatpak-1.12.9-1.el9_4 (AXSA:2024-8421:05)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8421:05 advisory. flatpak: sandbox escape via RequestBackground portal CVE-2024-32462 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 8 : flatpak-1.6.2-5.el8 (AXSA:2021-1455:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1455:03 advisory. flatpak: sandbox escape via spawn portal CVE-2021-21261 Tenable has extracted the preceding description block directly from the MiracleLinux security advisor...