246 matches found
firefox: thunderbird: Use-after-free in Custom Highlight
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash...
UBUNTU-CVE-2025-1010
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
firefox: thunderbird: Use-after-free in Custom Highlight
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash...
SUSE CVE-2025-1010
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
DEBIAN-CVE-2025-1010
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
CVE-2025-1010
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
CVE-2025-1010
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
CVE-2025-1010
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
CVE-2025-1010 Use-after-free in Custom Highlight
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
CVE-2025-1010
A CVE entry (CVE-2025-1010) describes a use-after-free via the Custom Highlight API that could lead to a crash. Affected products/versions include: Firefox fixed in 135, Firefox ESR fixed in 115.20 and 128.7, Thunderbird fixed in 128.7 and 135, and Thunderbird ESR variants similarly updated. The ...
CVE-2025-1010
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
CVE-2025-1010 Use-after-free in Custom Highlight
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
Security Vulnerabilities fixed in Firefox ESR 115.20 — Mozilla
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A race during concurrent delazification could have led to a...
mozilla -- multiple vulnerabilities
[email protected] reports: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A race during concurrent...
Security Vulnerabilities fixed in Thunderbird ESR 128.7 — Mozilla
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A bug in WebAssembly code generation could have lead to a cras...
Malicious code in ui-components-highlight-vdom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17c058680e21b489b3504441b59346650d2d8f204795eda46ba03d8c9585e58f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-56297
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Highlight highlight allows Stored XSS.This issue affects Highlight: from n/a through = 2.0.2...
CVE-2024-56297 WordPress Highlight plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dn88 Highlight allows Stored XSS.This issue affects Highlight: from n/a through 2.0.2...
CVE-2024-56297 WordPress Highlight plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Highlight highlight allows Stored XSS.This issue affects Highlight: from n/a through = 2.0.2...
CVE-2024-56297
CVE-2024-56297 is a Stored XSS in the WordPress Highlight plugin (dn88 Highlight). Affected range: from n/a through 2.0.2. Root cause per description: Improper Neutralization of Input During Web Page Generation. Impact is limited to stored XSS in pages generated by the plugin; exploitation detail...