Lucene search

91 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 7 views

Astra Linux - vulnerability in firefox, thunderbird

The Enhanced Tracking Protection’s Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS attacks through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames disguised as legitimate content. This...

CVSS 6.1 | AI score 6.9 | EPSS 0.00149
Exploits 0 | References 2

RedHat Linux
added 2026/05/19 9:20 a.m. | 3 views

firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

CVSS 6.1 | AI score 6.8 | EPSS 0.00149
Exploits 0 | References 10

AstraLinux
added 2026/05/03 11:59 p.m. | 4 views

Astra Linux - vulnerability in firefox

Mitigation bypass in Web Compatibility: Tooling component. This vulnerability has been fixed in Firefox 143 and Thunderbird 143...

CVSS 5.4 | AI score 5.7 | EPSS 0.00042
Exploits 0 | References 2

Tenable Nessus
added 2026/01/13 12:00 a.m. | 1 view

MiracleLinux 7 : firefox-128.6.0-1.0.1.el7.AXS7 (AXSA:2025-9585:03)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-9585:03 advisory. firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims CVE-2024-11694 firefox: thunderbird: Unhandled Exception in Add-on...

CVSS 8.8 | AI score 7.9 | EPSS 0.02414
Exploits 0 | References 8

Tenable Nessus
added 2025/11/03 12:00 a.m. | 1 view

FreeBSD : Firefox -- Mitigation bypass (a4bebda9-b808-11f0-8016-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a4bebda9-b808-11f0-8016-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=1978453 reports: Mitigation bypass in the Web Compatibility...

CVSS 5.4 | AI score 5.5 | EPSS 0.00042
Exploits 0 | References 3

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2023-29648

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 7.8 | EPSS 0.00447
Exploits 1 | References 6

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2024-48431

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 7.8 | EPSS 0.00297
Exploits 0 | References 4

SUSE CVE
added 2025/09/16 11:26 p.m. | 1 view

SUSE CVE-2025-10531

Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143...

CVSS 5.4 | AI score 6 | EPSS 0.00042
Exploits 0 | References 3

OSV
added 2025/09/16 1:15 p.m. | 0 views

CVE-2025-10531

Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox 143 and Thunderbird 143...

CVSS 5.4 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 3

OSV
added 2025/09/16 1:15 p.m. | 1 view

UBUNTU-CVE-2025-10531

Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox 143 and Thunderbird 143...

CVSS 5.4 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 6

ATTACKERKB
added 2025/09/16 12:26 p.m. | 1 view

CVE-2025-10531

Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143...

CVSS 5.4 | AI score 6 | EPSS 0.00042
Exploits 0 | References 4

Vulnrichment
added 2025/09/16 12:26 p.m. | 1 view

CVE-2025-10531 Mitigation bypass in the Web Compatibility: Tooling component

Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143...

AI score 6 | EPSS 0.00042
Exploits 0 | References 3

FreeBSD
added 2025/09/16 12:00 a.m. | 3 views

Firefox -- Mitigation bypass

https://bugzilla.mozilla.org/showbug.cgi?id=1978453 reports: Mitigation bypass in the Web Compatibility: Tooling component...

CVSS 5.4 | AI score 7 | EPSS 0.00042
Exploits 0 | References 1

Tenable Nessus
added 2025/08/07 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-11694

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP frame-src bypass and DOM-based XSS through the Google SafeFrame shim in the Web...

CVSS 6.1 | AI score 6.9 | EPSS 0.00149
Exploits 0 | References 3

RedHat Linux
added 2025/07/01 7:42 p.m. | 3 views

firefox: thunderbird: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser and persisted between containers and...

CVSS 4.3 | AI score 5.8 | EPSS 0.00411
Exploits 0 | References 5

OSV
added 2025/07/01 12:00 a.m. | 3 views

ALSA-2025:10073 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Content-Disposition header ignored when a file is included in an embed or object tag CVE-2025-6430 firefox: Use-after-free in FontFaceSet CVE-2025-6424 firefox:...

CVSS 9.8 | AI score 6 | EPSS 0.01103
Exploits 0 | References 10

OSV
added 2025/01/09 3:54 a.m. | 4 views

USN-7193-1 thunderbird vulnerability

Masato Kinugawa discovered that Thunderbird did not properly validate the CSP policy in the Web Compatibility extension. An attacker could potentially exploit this issue to perform a cross-site scripting attack...

CVSS 6.1 | AI score 7.2 | EPSS 0.00149
Exploits 0 | References 2

OSV
added 2024/12/19 4:18 a.m. | 17 views

RLSA-2024:10591 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message CVE-2024-11159 firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims CVE-2024-11694 firefox: thunderbird: Unhandled...

CVSS 8.8 | AI score 8.4 | EPSS 0.00167
Exploits 0 | References 8

RedHat Linux
added 2024/12/09 9:29 a.m. | 2 views

firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

CVSS 6.1 | AI score 7.2 | EPSS 0.00149
Exploits 0 | References 10

RedHat Linux
added 2024/12/09 9:29 a.m. | 2 views

firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

CVSS 6.1 | AI score 7.2 | EPSS 0.00149
Exploits 0 | References 10