Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11709 thunderbird: firefox: Cross-process information...

RockyLinux 10 : firefox (RLSA-2025:18154)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:18154 advisory. thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL...

EUVD-2020-27944

Malware in sbrugna...

EUVD-2017-14568

Malware in sbrugna...

EUVD-2017-14536

Malware in sbrugna...

EUVD-2019-3361

Malware in sbrugna...

EUVD-2018-16884

Malware in sbrugna...

EUVD-2020-4711

Malware in sbrugna...

EUVD-2018-16941

Malware in sbrugna...

EUVD-2017-16759

Malware in sbrugna...

EUVD-2020-27964

Malware in sbrugna...

EUVD-2017-14549

Malware in sbrugna...

EUVD-2021-30470

Malicious code in bioql PyPI...

EUVD-2022-37433

Malicious code in bioql PyPI...

EUVD-2022-37434

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-29980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uninitialized memory in a canvas object could have caused an incorrect free leading to memory corruption and a potentially exploitable crash. This vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2019-9794

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This coul...

CVE-2025-6427

An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140...

firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...