CVE-2026-35390

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy proxy.ts set the Content-Security-Policy-Report-Only header instead of the enforcing Content-Security-Policy header. This means cross-site scripting XSS attacks were logged but not blocked...

CVE-2026-35390

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy proxy.ts set the Content-Security-Policy-Report-Only header instead of the enforcing Content-Security-Policy header. This means cross-site scripting XSS attacks were logged but not blocked...

CVE-2026-35390 Content-Security-Policy was set to Report-Only mode, failing to block XSS attacks

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy proxy.ts set the Content-Security-Policy-Report-Only header instead of the enforcing Content-Security-Policy header. This means cross-site scripting XSS attacks were logged but not blocked...

PT-2026-30728

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy proxy.ts set the Content-Security-Policy-Report-Only header instead of the enforcing Content-Security-Policy header. This means cross-site scripting XSS attacks were logged but not blocked...

Google Chrome < 139.0.7258.138 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 139.0.7258.138. It is, therefore, affected by a vulnerability as referenced in the 202508stable-channel-update-for-desktop19 advisory. - Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remot...

PT-2024-15460 · Unknown · Ens Control

Name of the Vulnerable Software and Affected Versions: ENS Control browser extension versions prior to 10.7.0 Update 15 Description: A content-security-policy vulnerability allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-on...

Trellix Endpoint Security Cross-Site Scripting Vulnerability

Trellix Endpoint Security ENS is an endpoint security solution from FireEye Trellix USA. A cross-site scripting vulnerability exists in Trellix Endpoint Security ENS Web Control prior to version 10.7.0 Update 15, which originates from a cross-site scripting vulnerability that allows a remote...

CVE-2023-25728

The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVE-2023-25728

The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVE-2023-25728

The CVE-2023-25728 entry describes a CSP-Report-Only header issue where an attacker could leak a child iframe’s unredacted URI during a redirect, affecting Firefox &lt; 110, Thunderbird &lt; 102.8, and Firefox ESR

CVE-2023-25728

The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

ROS-20230315-01

Vulnerability in Mozilla Thunderbird email client related to notifications that are not displayed, when the browser is in full screen mode, allowing an attacker to trick the victim into visiting a malicious website and performing a spoofing attack. to visit a malicious website and perform a...

Amazon Linux 2 : thunderbird (ALAS-2023-1983)

The version of thunderbird installed on the remote host is prior to 102.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1983 advisory. 2024-02-15: CVE-2023-0616 was added to this advisory. If a MIME email combines OpenPGP and OpenPGP MIME data in a...

Important: thunderbird

Issue Overview: If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up and no longer respond to the user's actions. An attacker could send a crafted messa...

USN-5880-2 firefox regressions

USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attribute...

USN-5880-2: Firefox regressions

USN-5880-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Christian Holler discovered that Firefox did not properly manage memory when using PKCS 12 Safe Bag attribute...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2023:0469-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0469-1 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag...

Rocky Linux 9 : firefox (RLSA-2023:0810)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0810 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory...

Rocky Linux 8 : thunderbird (RLSA-2023:0821)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0821 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory...

Rocky Linux 8 : firefox (RLSA-2023:0808)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0808 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory...