6 matches found
MiracleLinux 7 : firefox-128.8.0-1.0.1.el7.AXS7 (AXSA:2025-9734:08)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9734:08 advisory. firefox: Use-after-free in WebTransportChild CVE-2025-1931 firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process...
Authorization Bypass Through User-Controlled Key
Description: Bypass https://hackerone.com/reports/496293 via \b backspace character. Proof of Concept: const parse = require('./index.js'); url = parse('\bhttp://google.com'); console.log(url) Result: slashes: false, protocol: '', hash: '', query: '', pathname: '\bhttp://google.com', auth: '', host: '',...
CVE-2007-5934
The CVE-2007-5934 issue affects the PHP MDB2 project (MDB2 and its mysqli/mysql drivers) where the LOB functionality incorrectly interprets a request to store a URL string as a request to fetch and store the contents of that URL. This can allow an MDB2-based application to act as an indirect pro...
Ubuntu 4.10 / 5.04 : mozilla-thunderbird vulnerabilities (USN-200-1)
A buffer overflow was discovered in the XBM image handler. By tricking a user into opening a specially crafted XBM image, an attacker could exploit this to execute arbitrary code with the user's privileges. CAN-2005-2701 Mats Palmgren discovered a buffer overflow in the Unicode string parser...
Command-line handling on Linux allows shell execution — Mozilla
URLs passed to Linux versions of Firefox and Thunderbird on the command-line were not correctly protected against interpretation by the shell. As a result a malicious URL can result in the execution of shell commands with the privileges of the user. If Firefox is set as the default handler for we...
SeaMonkey < 1.1.10 Multiple Vulnerabilities