9 matches found
thunderbird: firefox: Cross-process information leaked due to malicious IPC messages
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...
EUVD-2023-58012
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-22747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to...
Linux Distros Unpatched Vulnerability : CVE-2024-9393
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This could allow them to access...
Linux Distros Unpatched Vulnerability : CVE-2024-0750
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects...
Linux Distros Unpatched Vulnerability : CVE-2020-26959
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a...
CVE-2025-8028 Large branch table could lead to truncated instruction
On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1,...
thunderbird: User Interface (UI) Misrepresentation of attachment URL
A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the...
Thunderbird: Revocation status of S/Mime recipient certificates was not checked
The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...