Linux Distros Unpatched Vulnerability : CVE-2025-13019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

firefox -- Use-after-free

https://bugzilla.mozilla.org/showbug.cgi?id=1995686 reports: Use-after-free in the WebRTC: Audio/Video component. Same-origin policy bypass in the DOM: Workers component. Mitigation bypass in the DOM: Security component. Same-origin policy bypass in the DOM: Notifications component. Incorrect...

Mozilla Firefox和Mozilla Firefox ESR 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR due to a same-origin policy bypass in the DOM:Notifications component. An attacker can exploit this...

Mozilla Firefox和Mozilla Firefox ESR 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR due to a same-origin policy bypass in the DOM:Workers component. An attacker can exploit this...

KLA90003 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Race condition vulnerability in the...

Linux Distros Unpatched Vulnerability : CVE-2025-13017

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird...

PT-2025-46357

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 145 Firefox ESR versions prior to 140.5 Description A same-origin policy bypass exists within the DOM Notifications component. This allows for potential unauthorized access or manipulation of data due to insufficient...

PT-2025-46359

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 145 Firefox ESR versions prior to 140.5 Description A same-origin policy bypass exists in the DOM: Workers component. This allows for potential unauthorized access or manipulation of data due to insufficient...

CVE-2025-63716

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...

CVE-2025-63716

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...

CVE-2025-63716

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...

EUVD-2025-38317

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...

CVE-2025-63716

The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery CSRF attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...

CVE-2025-63716

The CVE-2025-63716 entry concerns SourceCodester Leads Manager Tool v1.0, which is vulnerable to Cross-Site Request Forgery (CSRF). The root cause stated across sources is lack of CSRF protection mechanisms (no anti-CSRF tokens and no same-origin verification) on critical endpoints, enabling unau...

FreeBSD : Mozilla -- Same-origin policy bypass in the Graphics: Canvas2D component (0723a60e-b80a-11f0-8016-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0723a60e-b80a-11f0-8016-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=1979782 reports: Same-origin policy bypass in the Graphics:...

FreeBSD : Firefox -- Same-origin policy bypass (944d968c-b808-11f0-8016-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 944d968c-b808-11f0-8016-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=1970490 reports: Same-origin policy bypass in the Layout...

Astra Linux – Vulnerability in Firefox, Thunderbird

Bypass of the same-origin policy in the Graphics:Canvas2D component. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2...

DNS Rebinding

Neo4j Cypher MCP is vulnerable to DNS Rebinding. The vulnerability is due to the MCP server trusting requests from rebinding hostnames, and attackers can lure users to a malicious website that rebinding succeeds on to bypass Same-Origin Policy and invoke tools against local Neo4j instances...

GHSA-G8MR-FGFG-5QPC Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic

Summary: A bypass was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation...

Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic

Summary: A bypass was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation...