esm.sh 路径遍历漏洞

esm.sh is an open-source content distribution network developed by esm.sh. Versions of esm.sh 137 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the fact that older routers did not clean up path components during the concatenation process, allowing attackers...

Astra Linux - уязвимость в firefox

By first using the AI chatbot in one tab and then activating it in another tab, the document title from the previous tab would be leaked into the chat prompt. This vulnerability was fixed in Firefox 137...

SUSE CVE-2025-50180

esm.sh is a no-build content delivery network CDN for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...

CVE-2025-50180

esm.sh is a no-build content delivery network CDN for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...

CVE-2025-50180 esm.sh is vulnerable to full-response SSRF

esm.sh is a no-build content delivery network CDN for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability...

CVE-2025-50180

CVE-2025-50180 affects esm.sh, a no-build CDN for web development. The NVD entry and Red Hat/OSV entries describe a full-response SSRF vulnerability in version 136 of esm.sh, enabling an attacker to retrieve information from internal websites. The issue is fixed in version 137. Connected document...

CVE-2025-5068

Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

firefox: thunderbird: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption, and we presume that with enough...

firefox: thunderbird: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption, and we presume that with enough...

UBUNTU-CVE-2025-4092

Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 138 and Thunderbird 138...

CVE-2025-4092 Memory safety bugs fixed in Firefox 138 and Thunderbird 138

Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 138 and Thunderbird 138...

firefox: thunderbird: Use-after-free triggered by XSLTProcessor

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...

Mozilla Thunderbird Security Update (mfsa_2025-23) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

Mozilla Firefox Security Update (mfsa_2025-20) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

CVE-2025-3033

After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox 137 and Thunderbird 137...

CVE-2025-3035

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137...

DEBIAN-CVE-2025-3029

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9...

UBUNTU-CVE-2025-3031

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137...

UBUNTU-CVE-2025-3035

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137...

Mozilla Firefox和Mozilla Thunderbird 安全漏洞

Mozilla Firefox and Mozilla Thunderbird are both products of the Mozilla Foundation in the U.S. Mozilla Firefox is an open-source Web browser.Mozilla Thunderbird is a separate set of Mozilla Application Suite Email client software. The software supports IMAP, POP mail protocols, and HTML mail...