Mozilla Firefox ESR < 140.11

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-48 advisory. - Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefo...

RHEL 10 : thunderbird (RHSA-2026:19131)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19131 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the...

Mozilla Thunderbird < 140.11

The version of Thunderbird installed on the remote Windows host is prior to 140.11. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-51 advisory. - Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memor...

KLA91059 Multiple vulnerabilities in Mozilla Thunderbird ESR

Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability...

KLA91062 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in...

SUSE CVE-2026-8388

Incorrect boundary conditions in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11...

SUSE CVE-2026-8389

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 150.0.3...

SUSE CVE-2026-8391

Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11...

minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions

A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and...

MiracleLinux 9 : thunderbird-140.10.0-1.el9_7.ML.1 (AXSA:2026-616:11)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-616:11 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the...

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2026-8570

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8540

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

EUVD-2026-30385

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8570

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-8570

The CVE-2026-8570 entry concerns Google Chrome’s V8 engine. A Type Confusion in V8, affecting Chrome versions prior to 148.0.7778.168, could allow a remote attacker to read potentially sensitive data from process memory via a crafted HTML page. The description does not specify exact vulnerable bu...

CVE-2026-8540

Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...