6855 matches found
firefox: thunderbird: Same-origin policy bypass in the DOM: Workers component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Workers component...
Mozilla -- Same-origin policy bypass
https://bugzilla.mozilla.org/showbug.cgi?id=2000218 reports: Same-origin policy bypass in the Request Handling component...
Security Vulnerabilities fixed in Firefox ESR 115.31 — Mozilla
CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component Reporter Oskar L Impact high References Bug 1996473 CVE-2025-14323: Privilege escalation in the DOM: Notifications component Reporter tiebuchen Impact high References Bug 1996555...
Mozilla Firefox 访问控制错误漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation. An access control error vulnerability exists in Mozilla Firefox versions prior to 146, Firefox ESR versions prior to 115.31, and versions prior to 140.6, which stems from a same-origin policy bypass issue in the Request...
Amazon Linux 2023 : firefox (ALAS2023-2025-1298)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1298 advisory. Race condition in the Graphics component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component...
KLA90807 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Incorrect boundary conditions vulnerability in the Graphics...
📄 Adobe Acrobat Chrome 1.41.100 Cross Site Scripting
Adobe Acrobat Chrome extension version 1.41.100 suffers from a cross site scripting vulnerability. ============================================================================================================================================= | Title : Adobe Acrobat Chrome V 1.41.100 Extension DOM...
Linux Distros Unpatched Vulnerability : CVE-2025-14331
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Same-origin policy bypass in the Request Handling component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146...
KLA90817 Multiple vulnerabilities in Mozilla Thunderbird ESR
Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in the...
KLA90808 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in the WebR...
KLA90809 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use-after-free...
firefox: thunderbird: Same-origin policy bypass in the DOM: Notifications component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Notifications component...
firefox: thunderbird: Same-origin policy bypass in the DOM: Workers component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Workers component...
firefox: thunderbird: Same-origin policy bypass in the DOM: Notifications component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Notifications component...
Important: firefox
Issue Overview: Race condition in the Graphics component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30...
RHEL 8 : thunderbird (RHSA-2025:22791)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22791 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Mitigation bypass in the DOM: Security component...
Important: firefox
Issue Overview: Race condition in the Graphics component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30...
AlmaLinux 8 : firefox (ALSA-2025:22363)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:22363 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox:...
CVE-2025-59788
Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...
OPENSUSE-SU-2025-20135-1 Security update for mozjs128
This update for mozjs128 fixes the following issues: - Update to version 128.14.0 bsc1248162: + CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component + CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component + CVE-2025-9181: Uninitialized memo...