Mozilla Firefox和Mozilla Firefox ESR 安全漏洞

Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation, U.S.A. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox versions prior to 146, Firefox ES...

Mozilla Firefox ESR < 115.31

The version of Firefox ESR installed on the remote Windows host is prior to 115.31. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-93 advisory. - Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox 146, Firefox ESR...

Security Vulnerabilities fixed in Firefox ESR 115.31 — Mozilla

CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component Reporter Oskar L Impact high References Bug 1996473 CVE-2025-14323: Privilege escalation in the DOM: Notifications component Reporter tiebuchen Impact high References Bug 1996555...

PT-2025-49800

Name of the Vulnerable Software and Affected Versions @tiptap/extension-link versions prior to 2.10.4 Description The @tiptap/extension-link package is susceptible to Cross-site Scripting XSS because of unsanitized user input when setting or toggling links. An attacker can inject a javascript: UR...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 146 and ESR 140.6, which stems from a compilation error in the JavaScript Engine JIT component that could lead to code execution...

KLA90807 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Incorrect boundary conditions vulnerability in the Graphics...

CVE-2025-61074

Affected product: adata Software GmbH Mitarbeiter Portal 2.15.2.0 (SchwarzeBrett bulletin board). Vulnerability: Stored XSS in the Inhalts parameter of CreateNachricht and EditNachricht endpoints, exploitable by remote authenticated users to run arbitrary JavaScript in other users’ browsers. Impa...

Linux Distros Unpatched Vulnerability : CVE-2025-14325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird...

Linux Distros Unpatched Vulnerability : CVE-2025-14324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146,...

Mozilla -- JIT miscompilation

https://bugzilla.mozilla.org/showbug.cgi?id=1998050 reports: JIT miscompilation in the JavaScript Engine: JIT component...

Mozilla -- JIT miscompilation in the JavaScript Engine: JIT component

https://bugzilla.mozilla.org/showbug.cgi?id=1997503 reports: JIT miscompilation in the JavaScript Engine: JIT component...

Mozilla Firefox和Mozilla Firefox ESR 安全漏洞

Mozilla Firefox and Mozilla Firefox ESR are both products of the Mozilla Foundation, U.S.A. Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security vulnerability exists in Mozilla Firefox versions prior to 146 and Firefox...

Mozilla Firefox < 146.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 146.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-92 advisory. - Privilege escalation in the Netmonitor component. This vulnerability affects Firefox 146 and Firefox ESR...

KLA90817 Multiple vulnerabilities in Mozilla Thunderbird ESR

Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in the...

Mozilla Firefox ESR < 140.6

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-94 advisory. - Privilege escalation in the Netmonitor component. This vulnerability affects Firefox 146 and Firefox ESR...

Linux Distros Unpatched Vulnerability : CVE-2025-14330

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird...

GO-2025-4184 Mattermost Server vulnerable to Denial of Service through `@` character prefix inserted into JavaScript field names in github.com/mattermost/mattermost-server

Mattermost Server vulnerable to Denial of Service through @ character prefix inserted into JavaScript field names in github.com/mattermost/mattermost-server...

Cross-site Scripting (XSS)

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ui.addcss, ui.addscss, and ui.addsass functions. An attacker can execute arbitrary JavaScript in the context of the user's browser...

New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites

Securonix Threat Research details the complex JSSMUGGLER campaign, a three-step web attack using obfuscated JavaScript and hidden HTA files to install the NetSupport RAT on user Windows desktops, granting hackers full remote control and persistent access...

CVE-2025-13630

Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...