firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...

firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...

Updated thunderbird(-l10n) packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-8946 Incorrect boundary conditions in the JavaScript Engine: JIT component. CVE-2026-8388 Use-after-free in the DOM: Bindings WebIDL component. CVE-2026-8947 Other...

MGASA-2026-0164 Updated thunderbird(-l10n) packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-8946 Incorrect boundary conditions in the JavaScript Engine: JIT component. CVE-2026-8388 Use-after-free in the DOM: Bindings WebIDL component. CVE-2026-8947 Other...

ALSA-2026:21380 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefo...

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:2039-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2039-1 advisory. This update for MozillaFirefox fixes the following issue Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212 -...

OPENSUSE-SU-2026:20789-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues - Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212. MFSA 2026-48: - CVE-2026-8388: Incorrect boundary conditions in the JavaScript Engine: JIT component. - CVE-2026-8391: Other issue in the JavaScript Engine...

EUVD-2026-30907

Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

PT-2026-41912

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11 Description An issue in the Security: Process Sandboxing component allows for information disclosure and...

KLA91062 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in...

CVE-2025-14963

CVE-2025-14963 involves the Trellix HX Agent driver file fekern.sys. The vulnerability enables a local user to obtain elevated privileges by leveraging a Bring Your Own Vulnerable Driver (BYOVD) to access the lsass.exe memory. The description notes that the vulnerable driver installed in a system...

CVE-2018-10716

An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because WMCLOSE is not properly considered...

EUVD-2018-17934

Malware in sbrugna...

EUVD-2024-54376

Malicious code in bioql PyPI...

Breaking down barriers: Redefining the FedRAMP® journey for cloud service providers

Since the passing of the FedRAMP Authorization Act last December, inquiries about navigating FedRAMP's complex landscape have surged. Recognizing this, Coalfire is pioneering a new pathway to streamline the FedRAMP authorization process, making it more accessible for cloud service providers...

CVE-2016-10821

In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list SEC-75...

Command injection

In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list SEC-75...

Bejtlich Books Explained

A reader asked me to explain the differences between two of my books. I decided to write a public response. If you visit the TaoSecurity Books page, you will see two different types of books. The first type involves books which list me as author or co-author. The second involves books to which I...

OkCupid: An XSS bug was fixed due to my report, but I didn't submit it through the h1

I wasn't notified of the security process, and received no bounty. On Jan 08, 2015 at 01:22AM UTC OkCupid User Feedback wrote: don't hover over this if you put this on your profile and they hover over it, they will "like" your profile this can be used to execute arbitrary clientside code...

Brad Arkin on Adobe Reader Zero-Day Flaws and Security Response

Dennis Fisher and Ryan Naraine talk with Brad Arkin, Adobe’s director of product security and privacy, about the new zero-day flaws in Acrobat and Reader, Adobe’s security response process and the challenges of getting updates to end users. Podcast audio courtesy of sykboy65 Subscribe to the...