EUVD-2025-7705

Malicious code in bioql PyPI...

CVE-2025-26695

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird 136 and Thunderbird 128.8...

CVE-2025-26695

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

CVE-2025-26695 Downloading of OpenPGP keys from WKD used incorrect padding

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

Mozilla Thunderbird < 136.0

The version of Thunderbird installed on the remote Windows host is prior to 136.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-17 advisory. - Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of thes...

CVE-2024-7531

The Mozilla Foundation Security Advisory describes this flaw as: Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

Calling PK11Encrypt in NSS using CKMCHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcom...

CVE-2024-7531

CVE-2024-7531 involves Mozilla Firefox and Firefox ESR. The connected documents confirm the underlying vulnerability: calling PK11_Encrypt() in NSS with CKM_CHACHA20 and using the same buffer for input and output can expose plaintext on Intel Sandy Bridge CPUs. In Firefox, the impact is limited t...

Security Vulnerabilities fixed in Firefox ESR 115.14 — Mozilla

Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. Incomplete WebAssembly exception handing could have led to a use-after-free. Editor code failed to check an attribute value. This cou...

Mozilla Firefox ESR < 128.1

The version of Firefox ESR installed on the remote Windows host is prior to 128.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-35 advisory. - Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. CVE-2024-7528 -...

Mozilla Firefox ESR < 128.1

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-35 advisory. - Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. CVE-2024-7528 ...

Security Vulnerabilities fixed in Firefox 129 — Mozilla

Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape....