7612 matches found

SUSE CVE
added 2025/06/24 11:24 p.m. · 1 view

SUSE CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR...

CVSS 5.4 · AI score 5.8 · EPSS 0.00411
Exploits 0 · References 13

OSV
added 2025/06/24 1:15 p.m. · 3 views

DEBIAN-CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR...

CVSS 4.3 · AI score 5 · EPSS 0.00411
Exploits 0 · References 1

OSV
added 2025/06/24 1:15 p.m. · 3 views

CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12,...

CVSS 4.3 · AI score 5.4
Exploits 0 · References 8

NVD
added 2025/06/24 1:15 p.m. · 3 views

CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR...

CVSS 4.3 · EPSS 0.00411
Exploits 0 · References 8

AlpineLinux
added 2025/06/24 1:15 p.m. · 1 view

CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12,...

CVSS 4.3 · AI score 6.4 · EPSS 0.00411
Exploits 0 · References 8

OSV
added 2025/06/24 1:15 p.m. · 0 views

UBUNTU-CVE-2025-6425

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR...

CVSS 4.3 · AI score 5.9 · EPSS 0.00411
Exploits 0 · References 9

Vulnrichment
added 2025/06/24 12:27 p.m. · 2 views

CVE-2025-6425 The WebCompat WebExtension shipped with Firefox exposed a persistent UUID

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR...

AI score 5.8 · EPSS 0.00411
Exploits 0 · References 6

CVE
added 2025/06/24 12:27 p.m. · 82 views

CVE-2025-6425

CVE-2025-6425 concerns a WebCompat WebExtension issue in Firefox/Thunderbird where enumerating resources could obtain a persistent, browser-identifying UUID that remains across containers and normal/private browsing (not in profiles). Affected: Firefox < 140, Firefox ESR < 115.25, Firefox E...

CVSS 4.3 · AI score 5.8 · EPSS 0.00411
Exploits 0 · References 8 · Affected Software 1

FreeBSD
added 2025/06/24 12:00 a.m. · 5 views

Mozilla -- persistent UUID that identifies browser

[email protected] reports: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox 140, Firefox E...

CVSS 4.3 · AI score 5.9 · EPSS 0.00411
Exploits 0 · References 1

Veracode
added 2025/06/19 6:13 a.m. · 4 views

Cross-Site Scripting (XSS)

ibexa/admin-ui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-generated content, allowing attackers with Editor or Administrator privileges to inject persistent XSS payloads that can later execute in the front office...

AI score 5.8
Exploits 0

Packet Storm
added 2025/06/18 12:00 a.m. · 152 views

📄 Glass Cage Zero-Click iMessage Exploit Details

Glass Cage, a vulnerability chain discovered on iOS 18.2, enables an attacker to compromise a device silently by sending a single malicious PNG image via iMessage. The exploit bypasses multiple layers of Apple's defenses, including BlastDoor, WebKit sandboxing, and CoreMedia memory protections...

CVSS 8.8 · AI score 8.4 · EPSS 0.13072
Exploits 6

AstraLinux
added 2025/06/16 11:28 a.m. · 3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Tracing: Do not allow mmap of persistent ring buffers. When attempting to mmap a trace instance buffer that is attached to reservemem, it would cause a crash: BUG: Unable to handle a page fault for address: ffffe97bd00025c8 PF:...

CVSS 5.5 · AI score 6.4 · EPSS 0.00111
Exploits 0 · References 3

Positive Technologies
added 2025/06/15 12:00 a.m. · 3 views

PT-2025-25497 · Ping Identity · Pingfederate

Name of the Vulnerable Software and Affected Versions: PingFederate affected versions not specified Description: The issue concerns PingFederate OAuth2 grant duplication in PostgreSQL persistent storage, allowing OAuth2 requests to use excessive memory utilization. Recommendations: At the moment,...

CVSS 2.1 · AI score 6.1 · EPSS 0.00255
Exploits 0 · References 6

Github Security Blog
added 2025/06/13 2:51 p.m. · 6 views

Ibexa RichText Field Type XSS vulnerabilities in back office

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

AI score 6.6
Exploits 0 · References 4 · Affected Software 1

OSV
added 2025/06/13 2:50 p.m. · 2 views

GHSA-5R6X-G6JV-4V87 Ibexa Admin UI XSS vulnerabilities in back office

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

CVSS 6.1 · AI score 6.6
Exploits 0 · References 4

Github Security Blog
added 2025/06/13 2:50 p.m. · 7 views

Ibexa Admin UI assets XSS vulnerabilities in back office

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

AI score 6.6
Exploits 0 · References 4 · Affected Software 1

Github Security Blog
added 2025/06/13 2:47 p.m. · 5 views

Ibexa eZ Platform Admin UI XSS vulnerabilities in back office

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

AI score 6.6
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2025/06/13 12:00 a.m. · 2 views

PT-2025-26624 · Packagist · Ibexa/Admin-Ui

Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...

CVSS 6.1 · AI score 6.6
Exploits 0 · References 5

OSV
added 2025/06/12 7:31 a.m. · 1 view

SUSE-SU-2025:20416-1 Security update for systemd

This update for systemd fixes the following issues: - coredump: use %d in kernel core pattern CVE-2025-4598 - Revert "macro: terminate the temporary VAARGSFOREACH array with a sentinel" SUSE specific - umount: do not move busy network mounts bsc1236177 - man/pstore.conf: pstore.conf template is n...

CVSS 4.7 · AI score 6.6 · EPSS 0.00112
Exploits 1 · References 6

OSV
added 2025/06/12 7:16 a.m. · 1 view

SUSE-SU-2025:20405-1 Security update for systemd

This update for systemd fixes the following issues: - coredump: use %d in kernel core pattern CVE-2025-4598 - Revert "macro: terminate the temporary VAARGSFOREACH array with a sentinel" SUSE specific - umount: do not move busy network mounts bsc1236177 - man/pstore.conf: pstore.conf template is n...

CVSS 4.7 · AI score 5.8 · EPSS 0.00112
Exploits 1 · References 6