SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2025:03009-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03009-1 advisory. - Firefox Extended Support Release 140.2.0 ESR MFSA 2025-67 bsc1248162 CVE-2025-9179 bmo1979527: Sandbox escape due to invalid pointer in the...

SUSE-SU-2025:03009-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 140.2.0 ESR MFSA 2025-67 bsc1248162 CVE-2025-9179 bmo1979527: Sandbox escape due to invalid pointer in the Audio/Video: GMP component CVE-2025-9180 bmo1979782: Same-origin policy bypass in the Graphics:...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 140.2.0 ESR MFSA 2025-67 bsc1248162 CVE-2025-9179 bmo1979527: Sandbox escape due to invalid pointer in the Audio/Video: GMP component CVE-2025-9180 bmo1979782: Same-origin policy bypass in the Graphics:...

SUSE-SU-2025:03008-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 140.2.0 ESR MFSA 2025-67 bsc1248162 CVE-2025-9179 bmo1979527: Sandbox escape due to invalid pointer in the Audio/Video: GMP component CVE-2025-9180 bmo1979782: Same-origin policy bypass in the Graphics:...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Graphics: Canvas2D component...

ALSA-2025:14844 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component CVE-2025-917...

CVE-2025-57821

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a...

Open Redirect

Overview googlesignin is a Sign in or up with Google for Rails applications Affected versions of this package are vulnerable to Open Redirect via the ensuresameorigin function in the redirectprotector.rb file. An attacker can cause users to be redirected to an attacker-controlled origin by...

Google Sign-In for Rails allowed redirects to malformed URLs

Summary It is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is malformed, it's possible for the user to be...

GHSA-7PWC-WH6M-44Q3 Google Sign-In for Rails allowed redirects to malformed URLs

Summary It is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is malformed, it's possible for the user to be...

CVE-2025-57821 Basecamp's Google Sign-In for Rails allowed redirects to a malformed URL

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a...

CVE-2025-57821 Basecamp's Google Sign-In for Rails allowed redirects to a malformed URL

Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Rails applications configured to store the flash information in a...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Graphics: Canvas2D component...

PT-2025-34903 · Rails +1 · Rails +1

Name of the Vulnerable Software and Affected Versions: Basecamp Google Sign-In versions prior to 1.3.0 Description: A malformed URL can bypass the "same origin" check, potentially redirecting users to an unintended origin. This issue affects Rails applications using the library and storing flash...

Google Sign-In for Rails allowed redirects to malformed URLs

Summary It is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being redirected to another origin. Details The googlesignin gem persists an optional URL for redirection after authentication. If this URL is malformed, it's possible for the user to be...

Linux Distros Unpatched Vulnerability : CVE-2025-3071

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI...

Linux Distros Unpatched Vulnerability : CVE-2018-25103

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists use-after-free vulnerabilities in lighttpd = 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not...

Linux Distros Unpatched Vulnerability : CVE-2022-46692

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2...