Lucene search
K

246 matches found

RedHat Linux
RedHat Linux
added 2025/02/06 11:20 a.m.8 views

firefox: thunderbird: Use-after-free in Custom Highlight

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash...

9.8CVSS7.3AI score0.00451EPSS
Exploits0References10
OSV
OSV
added 2025/02/06 12:0 a.m.4 views

UBUNTU-CVE-2025-1010

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

9.8CVSS7.3AI score0.00451EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2025/02/05 11:36 a.m.9 views

firefox: thunderbird: Use-after-free in Custom Highlight

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash...

9.8CVSS7.3AI score0.00451EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2025/02/05 3:48 a.m.3 views

SUSE CVE-2025-1010

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

7.6CVSS7.3AI score0.00451EPSS
Exploits0References12
OSV
OSV
added 2025/02/04 2:15 p.m.1 views

DEBIAN-CVE-2025-1010

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

8.8CVSS8.5AI score0.00451EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/02/04 2:15 p.m.4 views

CVE-2025-1010

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

9.8CVSS8.6AI score0.00451EPSS
Exploits0References8
NVD
NVD
added 2025/02/04 2:15 p.m.10 views

CVE-2025-1010

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

9.8CVSS0.00451EPSS
Exploits0References8
OSV
OSV
added 2025/02/04 2:15 p.m.8 views

CVE-2025-1010

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

8.8CVSS6.2AI score
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/02/04 1:58 p.m.3 views

CVE-2025-1010 Use-after-free in Custom Highlight

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

7.3AI score0.00451EPSS
Exploits0References6
CVE
CVE
added 2025/02/04 1:58 p.m.350 views

CVE-2025-1010

A CVE entry (CVE-2025-1010) describes a use-after-free via the Custom Highlight API that could lead to a crash. Affected products/versions include: Firefox fixed in 135, Firefox ESR fixed in 115.20 and 128.7, Thunderbird fixed in 128.7 and 135, and Thunderbird ESR variants similarly updated. The ...

9.8CVSS7.3AI score0.00451EPSS
Exploits0References8Affected Software2
Debian CVE
Debian CVE
added 2025/02/04 1:58 p.m.5 views

CVE-2025-1010

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

9.8CVSS8.5AI score0.00451EPSS
Exploits0
Cvelist
Cvelist
added 2025/02/04 1:58 p.m.16 views

CVE-2025-1010 Use-after-free in Custom Highlight

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

0.00451EPSS
Exploits0References6
Mozilla
Mozilla
added 2025/02/04 12:0 a.m.11 views

Security Vulnerabilities fixed in Firefox ESR 115.20 — Mozilla

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A race during concurrent delazification could have led to a...

9.8CVSS10AI score0.01196EPSS
Exploits0References4Affected Software1
FreeBSD
FreeBSD
added 2025/02/04 12:0 a.m.16 views

mozilla -- multiple vulnerabilities

[email protected] reports: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A race during concurrent...

9.8CVSS8.8AI score0.01196EPSS
Exploits0References4
Mozilla
Mozilla
added 2025/02/04 12:0 a.m.14 views

Security Vulnerabilities fixed in Thunderbird ESR 128.7 — Mozilla

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. A bug in WebAssembly code generation could have lead to a cras...

9.8CVSS10AI score0.07748EPSS
Exploits0References11Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/01/21 7:47 a.m.4 views

Malicious code in ui-components-highlight-vdom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 17c058680e21b489b3504441b59346650d2d8f204795eda46ba03d8c9585e58f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
NVD
NVD
added 2025/01/07 11:15 a.m.5 views

CVE-2024-56297

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Highlight highlight allows Stored XSS.This issue affects Highlight: from n/a through = 2.0.2...

5.9CVSS0.003EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/07 10:49 a.m.5 views

CVE-2024-56297 WordPress Highlight plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dn88 Highlight allows Stored XSS.This issue affects Highlight: from n/a through 2.0.2...

5.9CVSS6.8AI score0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/07 10:49 a.m.13 views

CVE-2024-56297 WordPress Highlight plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Highlight highlight allows Stored XSS.This issue affects Highlight: from n/a through = 2.0.2...

5.9CVSS0.003EPSS
Exploits0References1
CVE
CVE
added 2025/01/07 10:49 a.m.34 views

CVE-2024-56297

CVE-2024-56297 is a Stored XSS in the WordPress Highlight plugin (dn88 Highlight). Affected range: from n/a through 2.0.2. Root cause per description: Improper Neutralization of Input During Web Page Generation. Impact is limited to stored XSS in pages generated by the plugin; exploitation detail...

5.9CVSS7.2AI score0.003EPSS
Exploits0References1
Rows per page
Query Builder