Astra Linux - уязвимость в firefox

When following a redirect to a publicly accessible web extension file, the URL may have been translated into the actual local path, potentially exposing sensitive information. This vulnerability affects Firefox versions earlier than 111...

Astra Linux – Vulnerability in Firefox and Thunderbird

Web-accessible extension pages pages with a moz-extension:// scheme did not correctly enforce the frame-ancestors directive when it was used in the Web Extension’s Content Security Policy. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

PT-2026-40252

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO URL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a ...

CVE-2026-20676

This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...

CVE-2026-20676

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...

EUVD-2020-27955

Malware in sbrugna...

EUVD-2025-6280

Malicious code in bioql PyPI...

EUVD-2023-31868

Malicious code in bioql PyPI...

EUVD-2022-27904

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-28160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive...

Astra Linux – Vulnerability in Firefox

jar: URLs retrieve the content of local files that are packaged in ZIP archives. The null character and everything after it were ignored when retrieving the content from the archive. However, the fake extension after the null character was used to determine the type of content. This could have be...

TencentOS Server 4: thunderbird (TSSA-2024:0668)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0668 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVE-2023-28160

When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox 111...

CVE-2025-2280

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature...

CVE-2025-2280

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature...

CVE-2025-2280

In Devolutions Server, CVE-2025-2280 corresponds to improper access control in the Web Extension Restrictions feature, affecting version 2024.3.4.0 and earlier. An authenticated user can bypass the browser extension restriction, per sources describing this vulnerability. The provided documents co...

CVE-2025-2280

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature...

firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...

Devolutions Server 安全漏洞

Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.13 and prior versions that stems from improper access control of the Web Extension...

firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...