Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

Photon OS 5.0: Mozjs PHSA-2026-5.0-0801

An update of the mozjs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0801. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8CVSS5.8AI score0.0036EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/10/14 1:15 p.m.2 views

CVE-2025-11716

Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144...

6.5CVSS5.8AI score0.00214EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/09/16 1:15 p.m.4 views

CVE-2025-10536

Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

6.2CVSS6.4AI score0.00154EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/09/16 1:15 p.m.1 views

CVE-2025-10537

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...

8.8CVSS7.4AI score0.00306EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/07/22 9:15 p.m.2 views

CVE-2025-8031

The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

9.8CVSS7.3AI score0.00431EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2025/05/27 12:0 a.m.8 views

CVE-2025-5266

Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...

4.3CVSS6.6AI score0.00262EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2025/05/21 6:15 p.m.7 views

CVE-2025-5020

Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability was fixed in Firefox for iOS 139...

4.3CVSS5.8AI score0.00198EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/04/29 2:15 p.m.2 views

CVE-2025-4086

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.. This vulnerability was fixed in Firefox 138...

6.5CVSS6.1AI score0.00244EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/04/29 2:15 p.m.6 views

CVE-2025-2817

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations...

8.8CVSS7.4AI score0.00538EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/04/29 2:15 p.m.2 views

CVE-2025-4085

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability was fixed in Firefox 138 and Thunderbird 138...

7.1CVSS6.8AI score0.00252EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/04/18 12:0 a.m.12 views

Photon OS 5.0: Mozjs PHSA-2025-5.0-0504

An update of the mozjs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0504. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8CVSS7.3AI score0.09304EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2025/04/15 1:15 p.m.10 views

CVE-2025-3608

A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability was fixed in Firefox 137.0.2...

6.5CVSS6.9AI score0.0029EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/04/01 12:0 a.m.10 views

CVE-2025-3031

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137...

6.5CVSS6.3AI score0.00282EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2025/04/01 12:0 a.m.13 views

CVE-2025-3030

Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firef...

8.1CVSS7.2AI score0.0047EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/02/04 2:15 p.m.7 views

CVE-2025-1018

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135...

7.3CVSS6.1AI score0.00401EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.6 views

CVE-2025-0245

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability was fixed in Firefox 134...

3.3CVSS6AI score0.00284EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/01/07 4:15 p.m.10 views

CVE-2025-0242

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary cod...

6.5CVSS6.9AI score0.1307EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2024/10/10 12:0 a.m.15 views

CVE-2024-9680

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1, Thunderbird...

9.8CVSS7.7AI score0.32568EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2024/09/03 1:15 p.m.5 views

CVE-2024-8386

If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2...

6.1CVSS6.8AI score0.00366EPSS
Exploits0References8
OSV
OSV
added 2023/01/29 5:15 a.m.7 views

AZL-38236 CVE-2022-48285 affecting package mozjs for versions less than 102.15.1-1

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive...

7.3CVSS7.2AI score0.01411EPSS
Exploits0References1
Rows per page
Query Builder