RHEL 9 : firefox (RHSA-2025:17374)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:17374 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RockyLinux 10 : firefox (RLSA-2025:8125)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8125 advisory. firefox: Out-of-bounds access when resolving Promise objects CVE-2025-4918 firefox: Out-of-bounds access when optimizing linear sums CVE-2025-4919 Tenab...

EUVD-2022-30940

Malicious code in bioql PyPI...

[SECURITY] [DLA 4305-2] firefox-esr regression update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4305-2 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort September 29, 2025 https://wiki.debian.org/LTS -...

BIT-NIFI-2020-1933

A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers...

RHEL 7 : firefox (RHSA-2025:15430)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:15430 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

MGASA-2025-0227 Updated rootcerts, nspr, nss & firefox packages fix vulnerabilities

JavaScript engine only wrote partial return value to stack. CVE-2025-8027 Large branch table could lead to truncated instruction. CVE-2025-8028 Javascript: URLs executed on object and embed tags. CVE-2025-8029 Potential user-assisted code execution in “Copy as cURL” command. CVE-2025-8030 Incorre...

Oracle Linux 8 : firefox (ELSA-2025-14442)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2025-14442 advisory. 128.14.0-2.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 128.14.0 - Add debranding patches Mustafa Gezen - Add OpenELA defaul...

Oracle Linux 9 : firefox (ELSA-2025-14416)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14416 advisory. 128.14.0-2.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079773 - Add firefox-oracle-default-prefs.js and remove the corresponding R...

GHSA-MV5M-P837-6XM9 vulnerabilities

Vulnerabilities for packages: firefox-esr...

CVE-2025-54144

The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141...

CVE-2025-54143

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...

CVE-2025-55031

CVE-2025-55031 affects Firefox for iOS and Firefox Focus for iOS prior to version 142. A malicious page can trigger FIDO/hybrid passkey transport by passing FIDO links to the OS, and an attacker within Bluetooth range could coerce a user into using their passkey to sign into the attacker’s machin...

CVE-2025-54143 Sandboxed iframes could allow local downloads despite sandbox restrictions

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141...

Linux Distros Unpatched Vulnerability : CVE-2023-4585

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that...

Linux Distros Unpatched Vulnerability : CVE-2024-1547

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL show...

Linux Distros Unpatched Vulnerability : CVE-2022-45419

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then delet...

Linux Distros Unpatched Vulnerability : CVE-2019-11712

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to...

Linux Distros Unpatched Vulnerability : CVE-2020-12410

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presum...

Linux Distros Unpatched Vulnerability : CVE-2022-22742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerabili...