15 matches found
RHEL 9 : thunderbird (RHSA-2026:19461)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19461 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...
CVE-2025-69624
Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert. When app.alert is called with more than one argument and the first argument evaluates to null, for example app.alert(app.activeDocs, true) when app.activeDocs is null...
Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model
Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have been classified as moderate, and one has been rated low in severity. The issues were addressed in...
Mozilla Firefox ESR < 115.33
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.33. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-14 advisory. - Memory safety bugs present in Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147...
CVE-2021-41117
keypair is an RSA PEM key generator written in JavaScript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...
Linux Distros Unpatched Vulnerability : CVE-2018-7159
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as...
Use-After-Free
hermes-engine is vulnerable to Use-After-Free. When Hermes allows execution of untrusted JavaScript, an attacker is able to cause remote code execution due to a use-after-free bug, which is possible as a result of unsound inference in the bytecode generation when optimizations are enabled...
SUSE CVE-2018-12386
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR 60.2.2 and Firefox 62.0.3...
8x8: DOM Based XSS at docs.8x8.com
A domain for marketing documentation contained a DOM based XSS due to evaluation and rendering of window.location.href in the related javascript...
UBUNTU-CVE-2019-5852
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
Bug in NVIDIA’s Tegra Chipset Opens Door to Malicious Code Execution
A flaw impacting millions of mobile and internet of things (IoT) devices running NVIDIA’s Tegra processor opens the door for a variety of attacks, including device hijacking or siphoning of data. The warning comes from researcher Triszka Balázs, who discovered the flaw and asserts that the bug...
Shopify: App messaging can be hijacked by third-party websites
The JavaScript code at https://cdn.shopify.com/s/assets/admin/index-c6e72fa910cd0182ab1d1e67ff823fb2e6ca61745c00797769410ce01aafc4d8.js installs a message event listener to receive messages from installed apps when these apps are displayed in a frame. The following check rejects invalid event...
HackerOne: URL Crashing browser. {Tested on firefox, Chrome and Safari}
Hi again Dear, I am facing a strange behavior when I try to access this particular URL https://hackerone.com/reports/10373 I tested it on multiple computers with different browsers. The browser goes into an indefinite loop and disables right click, and after some time it crashes. It seems like the problem ...
Open Bulletin Board javascript bug.
OpenBB is a free PHP-based forum. Exploit: imgjavasCript:alert'Hello world.'/img Vulnerable systems: All versions of Open Bulletin Board including v.1.0.0 Immune systems: None Solution: All URLs in img tags should start with "http://" Yurij Rumiantsev...
msie4.01-jscript-security.txt
Date: Thu, 28 Jan 1999 04:53:31 PST From: Georgi Guninski To: [email protected] Subject: Javascript %01 bug in Internet Explorer There is a Javascript security bug in Internet Explorer 4.x patched, which circumvents "Cross-frame security" and opens several security holes. The probl...