775 matches found
SUSE CVE-2025-5264
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11,...
SUSE CVE-2026-8947
Use-after-free in the DOM: Bindings WebIDL component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...
UBUNTU-CVE-2026-8974
Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11,...
CVE-2026-8958
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...
Mozilla Firefox多款产品 安全漏洞
Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...
thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of...
Astra Linux - уязвимость в firefox, thunderbird
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks were executed for those events. Web content that attempted to use those interfaces would not be able to do so with elevated privileges. However, the presence of these interfaces indicated...
Astra Linux - уязвимость в firefox, thunderbird
The Enhanced Tracking Protection’s Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS attacks through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames disguised as legitimate content. This...
Astra Linux - уязвимость в firefox, thunderbird
A double-free issue could occur in secpkcs7decoderstartdecrypt, when handling an error path. Under certain conditions, the same symmetric key might be freed twice, potentially leading to memory corruption. This vulnerability affects Firefox 133, Thunderbird 133, Firefox ESR 128.7, and Thunderbird...
Astra Linux - уязвимость в thunderbird, firefox
An attacker could have exploited a use-after-free issue through the Custom Highlight API, resulting in a potentially exploitable crash. This vulnerability has been fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
Astra Linux - уязвимость в thunderbird, firefox
A race condition during delazification could have led to a use-after-free vulnerability. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
Astra Linux - уязвимость в thunderbird, firefox
Memory safety bugs exist in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute...
Astra Linux - уязвимость в thunderbird, firefox
A race condition could have led to private browsing tabs being opened in regular browsing windows. This could have resulted in a potential privacy breach. This vulnerability has been fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
Astra Linux - уязвимость в thunderbird, firefox
A web page could trick users into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
Astra Linux - уязвимость в firefox
Bypass of mitigation mechanisms in the Networking: Cache component. This vulnerability has been fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux - уязвимость в firefox, thunderbird
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 99 and Firefox ESR 91.8. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libvpx (UTSA-2026-014289)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014289 advisory. Heap buffer overflow in libvpx. This vulnerability affects Firefox 147.0.4, Firefox ESR 140.7.1, Firefox ESR 115.32.1, Thunderbird 140.7.2, and Thunderbird 147.0.2...
CVE-2026-6762 Spoofing issue in the DOM: Core & HTML component
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...
Mozilla多款产品 安全漏洞
Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...
UBUNTU-CVE-2026-5732
Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1...