FreeBSD : Firefox -- Multiple vulnerabilities (1124a7b0-1338-11f1-a55d-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1124a7b0-1338-11f1-a55d-b42e991fc52e advisory. CVE-2026-2807: Memory safety bugs present in Firefox 147 and Thunderbird 147 CVE-2026-2806:...

CVE-2026-2803

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVE-2026-2803

CVE-2026-2803 : Affects Firefox versions prior to 148. The issue is an information disclosure/potential mitigation bypass within the Settings UI component, described by Mozilla as a vulnerability in the Settings UI that could leak data and bypass protections. The root cause and exact affected sub...

CVE-2026-2803

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox 148 and Thunderbird 148...

CVE-2026-2803

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

CVE-2026-2803 Information disclosure, mitigation bypass in the Settings UI component

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

Firefox -- Multiple vulnerabilities

CVE-2026-2807: Memory safety bugs present in Firefox 147 and Thunderbird 147 CVE-2026-2806: Uninitialized memory in the Graphics: Text component. CVE-2026-2805: Invalid pointer in the DOM: Core & HTML component. CVE-2026-2804: Use-after-free in the JavaScript: WebAssembly component. CVE-2026-2803...

CVE-2023-5964 1E-Exchange-DisplayMessage instruction allows for arbitrary code execution

The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This...

Information disclosure in settings UI and API responses - ownCloud

The settings page and some API responses of a few ownCloud apps contained plaintext credentials...

CVE-2021-0369

In CrossProfileAppsServiceImpl.java, there is the possibility of an application's INTERACTACROSSPROFILES grant state not displaying properly in the setting UI due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User...

PT-2021-13048 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android version Android-11 Description: The issue is caused by a logic error in the code of CrossProfileAppsServiceImpl.java, which can lead to an application's INTERACT ACROSS PROFILES grant state not displaying properly in the setting UI...

Spoofing

In the settings UI, there is a possible spoofing vulnerability due to a missing permission check. This could lead to a user mistakenly changing permission settings with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions:...

Privilege escalation

An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2...