Astra Linux - уязвимость в firefox, thunderbird, expat, libxmltok

In xmlparse.c within Expat also known as libexpat, prior to version 2.4.5, attackers could insert namespace-separator characters into namespace URIs...

RockyLinux 9 : firefox (RLSA-2025:18155)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:18155 advisory. thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textur...

EUVD-2019-3433

Malware in sbrugna...

DEBIAN-CVE-2025-8031

The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

Linux Distros Unpatched Vulnerability : CVE-2025-1936

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but...

CVE-2023-29542

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. This bug only affects Firefox and Thunderbird on Windows. Other versions...

UBUNTU-CVE-2022-46880

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.Note: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affect...

CVE-2020-26958

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

CVE-2020-15683

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects...

Mozilla: Attacker-induced prompt for extension installation

By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...