6 matches found
xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat
An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...
thunderbird: User Interface (UI) Misrepresentation of attachment URL
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the...
thunderbird: User Interface (UI) Misrepresentation of attachment URL
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the...
SUSE CVE-2025-3523
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...
CVE-2025-3523
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...
UBUNTU-CVE-2025-3523
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...