59115 matches found
Mozilla Firefox < 146.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 146.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-92 advisory. - Privilege escalation in the Netmonitor component. This vulnerability affects Firefox 146 and Firefox ESR...
KLA90817 Multiple vulnerabilities in Mozilla Thunderbird ESR
Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in the...
Mozilla Firefox ESR < 140.6
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-94 advisory. - Privilege escalation in the Netmonitor component. This vulnerability affects Firefox 146 and Firefox ESR...
Linux Distros Unpatched Vulnerability : CVE-2025-14330
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird...
Linux Distros Unpatched Vulnerability : CVE-2025-14324
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146,...
Mozilla Firefox ESR < 115.31
The version of Firefox ESR installed on the remote Windows host is prior to 115.31. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-93 advisory. - Privilege escalation in the DOM: Notifications component. This vulnerability affects Firefox 146, Firefox ESR...
KLA90807 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Incorrect boundary conditions vulnerability in the Graphics...
Security Vulnerabilities fixed in Firefox ESR 115.31 — Mozilla
CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component Reporter Oskar L Impact high References Bug 1996473 CVE-2025-14323: Privilege escalation in the DOM: Notifications component Reporter tiebuchen Impact high References Bug 1996555...
Mozilla -- JIT miscompilation
https://bugzilla.mozilla.org/showbug.cgi?id=1998050 reports: JIT miscompilation in the JavaScript Engine: JIT component...
Mozilla -- JIT miscompilation in the JavaScript Engine: JIT component
https://bugzilla.mozilla.org/showbug.cgi?id=1997503 reports: JIT miscompilation in the JavaScript Engine: JIT component...
GO-2025-4184 Mattermost Server vulnerable to Denial of Service through `@` character prefix inserted into JavaScript field names in github.com/mattermost/mattermost-server
Mattermost Server vulnerable to Denial of Service through @ character prefix inserted into JavaScript field names in github.com/mattermost/mattermost-server...
Cross-site Scripting (XSS)
Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ui.addcss, ui.addscss, and ui.addsass functions. An attacker can execute arbitrary JavaScript in the context of the user's browser...
New JS#SMUGGLER Campaign Drops NetSupport RAT Through Infected Sites
Securonix Threat Research details the complex JSSMUGGLER campaign, a three-step web attack using obfuscated JavaScript and hidden HTA files to install the NetSupport RAT on user Windows desktops, granting hackers full remote control and persistent access...
CVE-2025-13630
Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Cross-site Scripting
Apache SkyWalking is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of script-related HTML tags, allowing attackers to inject malicious JavaScript into web pages...
Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform
Splunk has fixed vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. The vulnerabilities include several issues, including the ability for low-privileged users to create unauthorized dashboards, access sensitive information via mobile notifications, and the injection of ANSI escape...
Node.js: Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers
A vulnerability was identified in Node.js error handling where "Maximum call stack size exceeded" errors became uncatchable when asynchooks.createHook was enabled. Instead of reaching process.on'uncaughtException', the process terminated, making the crash unrecoverable...
firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...
firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...
Google Chrome Competitive Conditions Vulnerability
Google Chrome is a web browser developed by Google Inc. to provide users with a fast, secure and customizable web browsing experience. Google Chrome suffers from a competitive condition vulnerability that stems from the presence of a competitive condition in v8, which can be exploited by an...