
11 matches found

RedhatCVE
added 2026/04/07 11:1 p.m. | 2 views

CVE-2026-35390

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy (proxy.ts) set the Content-Security-Policy-Report-Only header instead of the enforcing Content-Security-Policy header. This means cross-site scripting (XSS) attacks were logged but not blocked...

CVSS 6.1 | AI score 6 | EPSS 0.00035
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/06 12:0 a.m. | 2 views

PT-2026-30728

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy (proxy.ts) set the Content-Security-Policy-Report-Only header instead of the enforcing Content-Security-Policy header. This means cross-site scripting (XSS) attacks were logged but not blocked...

CVSS 5.3 | AI score 6 | EPSS 0.00035
Exploits: 0 | References: 2

Tenable Nessus
added 2023/02/21 12:0 a.m. | 35 views

Rocky Linux 8 : firefox (RLSA-2023:0808)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0808 advisory. - Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory...

CVSS 8.8 | AI score 7.8 | EPSS 0.00249
Exploits: 0 | References: 25

RedHat Linux
added 2023/02/20 12:21 p.m. | 3 views

Mozilla: Content security policy leak in violation reports using iframes

The Mozilla Foundation Security Advisory describes this flaw as: The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect...

CVSS 6.5 | AI score 7.3 | EPSS 0.00201
Exploits: 0 | References: 6

RedHat Linux
added 2023/02/20 12:21 p.m. | 2 views

Mozilla: Content security policy leak in violation reports using iframes

The Mozilla Foundation Security Advisory describes this flaw as: The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect...

CVSS 6.5 | AI score 7.3 | EPSS 0.00201
Exploits: 0 | References: 6

RedHat Linux
added 2023/02/20 12:20 p.m. | 2 views

Mozilla: Content security policy leak in violation reports using iframes

The Mozilla Foundation Security Advisory describes this flaw as: The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect...

CVSS 6.5 | AI score 7.3 | EPSS 0.00201
Exploits: 0 | References: 6

RedHat Linux
added 2023/02/20 8:31 a.m. | 2 views

Mozilla: Content security policy leak in violation reports using iframes

The Mozilla Foundation Security Advisory describes this flaw as: The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect...

CVSS 6.5 | AI score 7.3 | EPSS 0.00201
Exploits: 0 | References: 6

RedHat Linux
added 2023/02/20 8:27 a.m. | 1 view

Mozilla: Content security policy leak in violation reports using iframes

The Mozilla Foundation Security Advisory describes this flaw as: The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect...

CVSS 6.5 | AI score 7.3 | EPSS 0.00201
Exploits: 0 | References: 6

RedHat Linux
added 2023/02/20 8:27 a.m. | 2 views

Mozilla: Content security policy leak in violation reports using iframes

The Mozilla Foundation Security Advisory describes this flaw as: The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect...

CVSS 6.5 | AI score 7.3 | EPSS 0.00201
Exploits: 0 | References: 6

Tenable Nessus
added 2023/02/15 12:0 a.m. | 23 views

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2023-045-01)

The version of mozilla-firefox installed on the remote host is prior to 102.8.0esr / 110.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-045-01 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory...

CVSS 8.8 | AI score 7.8 | EPSS 0.00389
Exploits: 1 | References: 13

OSV
added 2023/02/15 12:0 a.m. | 0 views

UBUNTU-CVE-2023-25728

The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVSS 6.5 | AI score 7.1 | EPSS 0.00201
Exploits: 0 | References: 6