CVE-2026-8390

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript: WebAssembly component...

Linux Distros Unpatched Vulnerability : CVE-2026-6757

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird...

SUSE-SU-2026:0812-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.8.0 ESR MFSA 2026-15 bsc1258568: - CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component - CVE-2026-2758: Use-after-free in the JavaScript: GC component -...

CVE-2026-2804

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

RLSA-2025:22363 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary...

RockyLinux 10 : thunderbird (RLSA-2025:21843)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:21843 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox:...

Linux Distros Unpatched Vulnerability : CVE-2025-13016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and...

AlmaLinux 10 : firefox (ALSA-2025:16109)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:16109 advisory. firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect boundary...

RLSA-2025:16589 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component CVE-2025-10532 firefox:...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

WordPress plugin Store Locator Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

CVE-2022-21597

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JavaScript. Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

Denial of Service in extension "Code Highlight" (codehighlight)

The extension bundles a vulnerable version of the 3rd party JavaScript component “prism” which is known to be vulnerable against Regular expression Denial of Service ReDoS...

Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome

A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The update, released as Firefox version 84, is also billed by Mozilla as boosting the browser’s performance and adding native support for macOS hardwar...

BaserCMS Cross-Site Scripting Vulnerability (CNVD-2020-49572)

BaserCMS is an open source enterprise-level content management system cms. BaserCMS 4.3.6 and earlier versions of contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree. A cross-site scripting vulnerability exists in the js component. An...

Google Chrome JavaScript component buffer overflow vulnerability (CNVD-2020-00479)

Google Chrome is the United States Google Google company's a Web browser. JavaScript is one of the JavaScript code debugging components. A buffer overflow vulnerability exists in the Google Chrome JavaScript component. An attacker can exploit this vulnerability to cause heap corruption with the...

Google Chrome JavaScript component buffer overflow vulnerability (CNVD-2020-00480)

Google Chrome is the United States Google Google company's a Web browser. JavaScript is one of the JavaScript code debugging components. A buffer overflow vulnerability exists in the Google Chrome JavaScript component. An attacker can exploit this vulnerability to cause heap corruption with the...

Google Chrome JavaScript Component Buffer Overflow Vulnerability

Google Chrome is the United States Google Google company's a Web browser. JavaScript is one of the JavaScript code debugging components. A buffer overflow vulnerability exists in the Google Chrome JavaScript component. An attacker can exploit this vulnerability to execute arbitrary code inside a...

Qualys BrowserCheck CoinBlocker Protects Users From Active Cryptojacking Campaigns

Qualys Malware Research Labs recently released the Qualys BrowserCheck CoinBlocker Chrome Extension. We have seen enthusiastic adoption from users across the globe in the first week since its release, which has given us enough telemetry data to indicate success in protecting users from popular...

The vulnerability of the Mozilla SeaMonkey software package, which allows a malicious individual to circumvent window object restrictions

Mozilla SeaMonkey software contains a vulnerability related to incompatibility between JavaScript components. Exploiting this vulnerability allows malicious actors to circumvent window object restrictions by utilizing incompatibility in the original method-extractors of various JavaScript engines...