Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-043 (ALASFIREFOX-2025-043)

The version of firefox installed on the remote host is prior to 140.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-043 advisory. Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143,...

Amazon Linux 2023 : firefox (ALAS2023-2025-1203)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1203 advisory. Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. CVE-2025-10527...

CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

AlmaLinux 9 : firefox (ALSA-2025:16108)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:16108 advisory. firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect boundary...

Important: firefox

Issue Overview: Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. CVE-2025-10527 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component...

Important: thunderbird

Issue Overview: Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. CVE-2025-10527 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component...

GitLab 安全漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE and EE versions 17.10 up to and...

CVE-2025-0672

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...

dify 安全漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in version 1.8.1 of dify, which stems from improper access control in the /console/api/apps/chat-messages endpoint, which could lead to a user in the same workspace reading cha...

CVE-2025-35042

Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are vulnerable to a remote attacker logging in and gaining the privileges of this account. Fixed in 10.2.35, 11.0.2...

firefox: thunderbird: Same-origin policy bypass in the Layout component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue:...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

RHEL 8 : thunderbird (RHSA-2025:16589)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:16589 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Sandbox escape due to use-after-free i...

CVE-2025-0672

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.3 bsc1249391. Security issues fixed: MFSA 2025-78 CVE-2025-10527: sandbox escape due to use-after-free in the Graphics: Canvas2D component. CVE-2025-10528: sandbox escape due to undefined behavior,...

Open Redirect

googlesignin is vulnerable to open redirect. The vulnerability is due to improper validation of crafted URLs that bypass the "same origin" check, which allows an attacker to redirect users to a malicious origin and potentially chain it with arbitrary data injection into session cookies...

firefox: thunderbird: Same-origin policy bypass in the Layout component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue:...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect boundary conditions in the...

cs253.stanford.edu

It is an offensive tool for web application security education. The repository contains a collection of assignments and exercises for the CS 253 Web Security course at Stanford University. The assignments are designed to educate students on various web security topics, including client-side...