148 matches found

Positive Technologies
added 2026/05/12 12:0 a.m., 10 views

PT-2026-40252

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO URL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a ...

CVSS 5.3, AI score 5.8, EPSS 0.00035
Exploits 0, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 8 views

Astra Linux - vulnerability in firefox, thunderbird

Web-accessible extension pages (pages with a moz-extension:// scheme) did not correctly enforce the frame-ancestors directive when it was used in the Web Extension’s Content Security Policy. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

CVSS 8.8, AI score 6.8, EPSS 0.00348
Exploits 0, References 1
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in firefox

jar: URLs retrieve the content of local files that are packaged in ZIP archives. The null character and everything after it were ignored when retrieving the content from the archive. However, the fake extension after the null character was used to determine the type of content. This could have be...

CVSS 7.3, AI score 6.8, EPSS 0.00182
Exploits 0, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in firefox, thunderbird

It was possible for a web extension with minimal permissions to create a StreamFilter, which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

CVSS 9.1, AI score 6.9, EPSS 0.00137
Exploits 0, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in firefox

When following a redirect to a publicly accessible web extension file, the URL may have been translated into the actual local path, potentially exposing sensitive information. This vulnerability affects Firefox versions earlier than 111...

CVSS 6.5, AI score 6.7, EPSS 0.00278
Exploits 0, References 2
OSV
added 2026/02/11 11:16 p.m., 1 views

CVE-2026-20676

This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...

CVSS 5.3, AI score 5.8
Exploits 0, References 4
Debian CVE
added 2026/02/11 10:58 p.m., 3 views

CVE-2026-20676

This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...

CVSS 5.3, AI score 7.7, EPSS 0.00052
Exploits 0
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-27955

Malware in sbrugna...

CVSS 7.5, AI score 8.4, EPSS 0.00349
Exploits 0, References 6
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-27904

Malicious code in bioql PyPI...

CVSS 8.8, AI score 7.6, EPSS 0.00348
Exploits 0, References 5
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-31868

Malicious code in bioql PyPI...

CVSS 6.5, AI score 7.8, EPSS 0.00278
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-6280

Malicious code in bioql PyPI...

CVSS 8.1, AI score 6.6, EPSS 0.00104
Exploits 0, References 3
Tenable Nessus
added 2025/08/11 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-28160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive...

CVSS 6.5, AI score 7.5, EPSS 0.00278
Exploits 0, References 2
Tenable Nessus
added 2025/06/16 12:0 a.m., 4 views

TencentOS Server 4: thunderbird (TSSA-2024:0668)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0668 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS 9.8, AI score 7.9, EPSS 0.00369
Exploits 0, References 9
RedhatCVE
added 2025/05/23 3:35 a.m., 6 views

CVE-2023-28160

When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox 111...

CVSS 6.5, AI score 6, EPSS 0.00278
Exploits 0, References 1
NVD
added 2025/03/13 1:15 p.m., 10 views

CVE-2025-2280

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature...

CVSS 8.1, EPSS 0.00104
Exploits 0, References 1
Cvelist
added 2025/03/13 1:2 p.m., 12 views

CVE-2025-2280

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature...

EPSS 0.00104
Exploits 0, References 1
CVE
added 2025/03/13 1:2 p.m., 55 views

CVE-2025-2280

In Devolutions Server, CVE-2025-2280 corresponds to improper access control in the Web Extension Restrictions feature, affecting version 2024.3.4.0 and earlier. An authenticated user can bypass the browser extension restriction, per sources describing this vulnerability. The provided documents co...

CVSS 8.1, AI score 8, EPSS 0.00104
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2025/03/13 1:2 p.m., 10 views

CVE-2025-2280

Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature...

AI score 6.4, EPSS 0.00104
Exploits 0, References 1
RedHat Linux
added 2025/03/13 6:57 a.m., 4 views

firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was...

CVSS 7.3, AI score 6.7, EPSS 0.00182
Exploits 0, References 7
CNNVD
added 2025/03/13 12:0 a.m., 0 views

Devolutions Server security vulnerability

Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.13 and prior versions that stems from improper access control of the Web Extension...

CVSS 8.1, AI score 6.7, EPSS 0.00104
Exploits 0, References 2