Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

firefox: thunderbird: Same-origin policy bypass in the DOM: Notifications component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Notifications component...

firefox: thunderbird: Same-origin policy bypass in the DOM: Workers component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Workers component...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

firefox: thunderbird: Same-origin policy bypass in the DOM: Notifications component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Notifications component...

firefox: thunderbird: Same-origin policy bypass in the DOM: Workers component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the DOM: Workers component...

Race Condition

Argo CD is vulnerable to a race condition. The vulnerability is due to a flaw in the repository credentials handler that triggers a server panic during concurrent operations on the same repository URL, which allows an attacker to crash the Argo CD server...

CVE-2025-63224

The Itel DAB Encoder IDEnc build 25aec8d is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the...

TencentOS Server 4: firefox (TSSA-2025:0712)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0712 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

ALSA-2025:21843 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary conditions in the JavaScript: WebAssembly compone...

Google Chrome < 4.5.103.29 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 4.5.103.29. It is, therefore, affected by multiple vulnerabilities as referenced in the 201509stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to...

Google Chrome < 4.9.385.26 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 4.9.385.26. It is, therefore, affected by multiple vulnerabilities as referenced in the 201603stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers t...

Google Chrome < 19.0.0.245 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 19.0.0.245. It is, therefore, affected by a vulnerability as referenced in the 201511stable-channel-update advisory. - The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages an...

Google Chrome < 4.5.103.29 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 4.5.103.29. It is, therefore, affected by multiple vulnerabilities as referenced in the 201509stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers t...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary conditions in the JavaScript: WebAssembly compone...

Google Chrome < 19.0.0.245 Vulnerability

The version of Google Chrome installed on the remote macOS host is prior to 19.0.0.245. It is, therefore, affected by a vulnerability as referenced in the 201511stable-channel-update advisory. - The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and...

Google Chrome < 4.9.385.26 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 4.9.385.26. It is, therefore, affected by multiple vulnerabilities as referenced in the 201603stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 49.0.2623.75 allow attackers to...

CVE-2025-63224

The Itel DAB Encoder IDEnc build 25aec8d is vulnerable to Authentication Bypass due to improper JWT validation across devices. Attackers can reuse a valid JWT token obtained from one device to authenticate and gain administrative access to any other device running the same firmware, even if the...

CVE-2025-12766

CVE-2025-12766 is a vulnerability in the Management Console of BlackBerry AtHoc (OnPrem) v7.21 where an insecure direct object reference (IDOR) could allow an attacker to gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS). Affected component:...

Vulnerabilities fixed in Fortinet FortiOS

Fortinet has fixed vulnerabilities in FortiOS multiple versions. The vulnerabilities include a stack-based buffer overflow that allows attackers to execute unauthorized code or commands by sending specially crafted packets. A specific vulnerability in the FortiOS CAPWAP daemon allows a remote,...