Astra Linux - уязвимость в chromium

Inappropriate implementation in the HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS protections through a crafted HTML page. Chrome security severity: Medium...

BIT-PYTHON-2026-6019 BaseCookie.js_output() does not neutralize embedded characters

http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

SUSE CVE-2026-6019

http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

CPython 安全漏洞

CPython is a Python interpreter implemented in C language by the Python Foundation. CPython has a security vulnerability, which stems from the http.cookies.Morsel.jsoutput function returning inline script fragments and only escaping double quotes. This approach fails to neutralize the HTML...

CLSA-2026-1776330599 python3.9: Fix of 11 CVEs

CVE-2025-8291: fix zipfile ZIP64 EOCD Locator offset validation - CVE-2025-6069: fix quadratic complexity in HTMLParser - CVE-2025-4516: fix use-after-free in unicode-escape decoder with error handler - CVE-2026-2297: ensure SourcelessFileLoader uses io.opencode - CVE-2026-3479: reject invalid...

Cross-site Scripting (XSS)

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the tomarkdown function. An attacker can inject arbitrary HTML content by supplying specially crafted input that includes HTML-significant characters...

OPENSUSE-SU-2026:20365-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 140.8.0 ESR bsc1258568 - CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component - CVE-2026-2758: Use-after-free in the JavaScript: GC component - CVE-2026-2759: Incorrect...

Lexbor 安全漏洞

Lexbor is an open-source C language library developed by Lexbor for processing HTML and CSS. Versions of Lexbor prior to 2.7.0 contained security vulnerabilities. These vulnerabilities stemmed from type confusion in the HTML fragment parser, which could lead to pointer dereferencing...

firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: HTML Parser component...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.8.0 ESR MFSA 2026-15 bsc1258568: CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component CVE-2026-2758: Use-after-free in the JavaScript: GC component CVE-2026-2759:...

firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: HTML Parser component...

firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: HTML Parser component...

firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: HTML Parser component...

firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: HTML Parser component...

firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: HTML Parser component...

firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: HTML Parser component...

firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: HTML Parser component...

SUSE CVE-2025-69534

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:0812-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0812-1 advisory. Update to Firefox Extended Support Release 140.8.0 ESR MFSA 2026-15 bsc1258568: - CVE-2026-2757: Incorrect boundary conditions in the WebRTC:...

CVE-2025-69534

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...