opennextjs-cloudflare has SSRF vulnerability via /cdn-cgi/ path normalization bypass

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...

GHSA-C7MQ-GH6Q-6Q7C opennextjs-cloudflare has SSRF vulnerability via /cdn-cgi/ path normalization bypass

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler. The @opennextjs/cloudflare worker template includes a /cdn-cgi/image/ handler intended for development use only. In...

CVE-2026-3125

CVE-2026-3125 affects the @opennextjs/cloudflare package and its /cdn-cgi/image/ handler. A path normalization bypass (using a backslash in the path, e.g., /cdn-cgi\image/…) can bypass Cloudflare edge interception, allowing requests to reach the Worker and trigger an unvalidated fetch of arbitrar...

RLSA-2026:3516 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR...

firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...

firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...

firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...

firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...

firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...

firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...

firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...

firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...

firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...

firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR...

ALSA-2026:3516 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR...

RLSA-2026:3338 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libvpx: Heap buffer overflow in libvpx CVE-2026-2447 firefox: Invalid pointer in the JavaScript Engine component CVE-2026-2785 firefox: Memory safety bugs fixed in Firef...

firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...

firefox: thunderbird: Same-origin policy bypass in the Networking: JAR component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: JAR component...