CLSA-2026-1771004705 Fix CVE(s): CVE-2025-68168, CVE-2025-69204

SECURITY UPDATE: stack overflow via deeply nested MSL/SVG elements - debian/patches/CVE-2025-68168.patch: add recursion depth checking in MSLStartElement and SVGStartElement to prevent stack exhaustion - CVE-2025-68168 SECURITY UPDATE: integer overflow in SVG PathPrimitive processing -...

JLSEC-2025-39 Possible XSS in HTMLSanitizer when using svg elements

Description When adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This behavior is similar to the sanitization bypass described in CVE-2020-40...

EUVD-2010-1845

Malware in sbrugna...

EUVD-2020-7663

Malware in sbrugna...

EUVD-2011-3003

Malware in sbrugna...

CVE-2025-2336

CVE-2025-2336 concerns AngularJS ngSanitize: an improper sanitization flaw allows bypassing image source restrictions via the href and xlink:href attributes in SVG elements. The root cause is inadequate sanitization, which can lead to Content Spoofing and potentially degrade application performa...

Content Spoofing

AngularJS is vulnerable to Content Spoofing. The vulnerability is due to improper sanitization of the 'href' and 'xlink:href' attributes in SVG elements, which allows attackers to bypass image source restrictions...

CVE-2025-0716

CVE-2025-0716 is a vulnerability in AngularJS where improper sanitization of the href and xlink:href attributes in SVG elements can bypass image-source restrictions and enable Content Spoofing, potentially affecting performance due to large or slow-loading images. Affects all versions of Angular...

About Cross Site Scripting – Roundcube Webmail (CVE-2024-37383) vulnerability

About Cross Site Scripting - Roundcube Webmail CVE-2024-37383 vulnerability. Roundcube is a web-based email client with functionality comparable to desktop email clients such as Outlook Express or Mozilla Thunderbird. The vulnerability is caused by an error in the processing of SVG elements in th...

Critical: thunderbird

Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developer reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

Oracle Linux 8 : thunderbird (ELSA-2020-4155)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4155 advisory. 78.3.1-1.0.1 - Update to 68.12.0 build1 78.3.1-1 - Update to 78.3.1 build1 78.3.0-3 - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot...

CVE-2020-15676

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

CVE-2020-15676

The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...

SUSE-SU-2020:0629-1 Security update for librsvg

This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numbe...

openSUSE Security Update : librsvg (openSUSE-2020-343)

This update for librsvg to version 2.42.8 fixes the following issues : librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numb...

PT-2019-5086

Name of the Vulnerable Software and Affected Versions Loofah gem for Ruby versions through 2.3.0 Description The issue is related to the Loofah gem for Ruby, where unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. This could potentially allow a remote...

Debian DSA-4364-1 : ruby-loofah - security update

It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...

Buffer overflow

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

CVE-2017-7786

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

The Great DOM Fuzz-off of 2017

Posted by Ivan Fratric, Project Zero Introduction Historically, DOM engines have been one of the largest sources of web browser bugs. And while in the recent years the popularity of those kinds of bugs in targeted attacks has somewhat fallen in favor of Flash which allows for cross-browser exploi...