5 matches found
MiracleLinux 7 : firefox-128.12.0-1.0.1.el7.AXS7 (AXSA:2025-10426:21)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10426:21 advisory. firefox: Content-Disposition header ignored when a file is included in an embed or object tag CVE-2025-6430 firefox: Use-after-free in FontFaceSet...
Security Vulnerabilities fixed in Firefox ESR 128.12 — Mozilla
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. Th...
Security Vulnerabilities fixed in Firefox ESR 115.25 — Mozilla
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles...
CVE-2022-31746
Internal URLs are protected by a secret UUID key, which could have been leaked to web page through the Referrer header. This vulnerability affects Firefox for iOS 102...
PT-2022-3295 · Mozilla · Firefox
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 102 Description: The issue is related to the handling of HTTP requests, which could allow a remote attacker to bypass existing security restrictions and disclose protected information using the HTTP referer...