firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

firefox: thunderbird: Invalid pointer in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Invalid pointer in the JavaScript Engine component...

firefox: thunderbird: Use-after-free in the JavaScript: GC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript: GC component...

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

Google Chrome V8 Memory Out-of-Bounds Access Vulnerability (CNVD-2026-13792)

Google Chrome is a free web browser developed by Google Inc. Google Chrome V8 suffers from a memory out-of-bounds access vulnerability that stems from improper memory buffer access control and can be exploited by remote attackers to execute arbitrary code...

RHEL 7 : firefox (RHSA-2026:3984)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3984 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap...

RHEL 9 : thunderbird (RHSA-2026:3982)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3982 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox:...

RHEL 8 : thunderbird (RHSA-2026:4022)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:4022 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox:...

RHEL 8 : thunderbird (RHSA-2026:3980)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3980 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox:...

RHEL 8 : thunderbird (RHSA-2026:3979)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3979 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox:...

RHEL 9 : thunderbird (RHSA-2026:3978)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:3978 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox:...

📄 DOMPurify 3.13 Cross Site Scripting

A mutation cross site scripting vulnerability exists in DOMPurify versions 3.1.3 and below when the SAFEFORXML configuration is enabled. ============================================================================================================================================= | Title : DOMPurif...

PT-2026-29457

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description An object corruption issue in the V8 component of Google Chrome, prior to version 146.0.7680.178, could allow a remote attacker to execute arbitrary code within a sandbox environment...

Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model

Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in...

CVE-2026-29183

SiYuan is a personal knowledge management system. Prior to version 3.5.9, an unauthenticated reflected XSS vulnerability exists in the dynamic icon API endpoint "GET /api/icon/getDynamicIcon" when type=8, attacker-controlled content is embedded into SVG output without escaping. Because the endpoi...

CVE-2025-59542

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting XSS vulnerability. By injecting malicious JavaScript into the course learning path Settings field, an attacker with a low-privileged account e.g., trainer can execute arbitrary JavaScript cod...

EUVD-2026-10098

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...

x402 SDK Security Advisory

Impact A security vulnerability exists in outdated versions of the x402 SDK. This vulnerability does not affect users' private keys, smart contracts, or funds. The issue impacts resource servers accepting payments on Solana when the facilitator is running a vulnerable version of the x402 SDK. Who...

CVE-2026-2020 JS Archive List <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...