150 matches found
CVE-2026-43704
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious web extension may be able to cause an unexpected process crash...
CVE-2026-43704
Summary of CVE-2026-43704: A use-after-free vulnerability in Web Extensions for Safari/WebKit allowed an attacker-controlled extension to trigger an unexpected process crash. The issue is addressed by memory-management fixes in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Af...
Astra Linux – Vulnerability in Firefox and Thunderbird
It was possible for a web extension with minimal permissions to create a StreamFilter, which could be used to read and modify the response body of requests on any site. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...
Astra Linux – Vulnerability in Firefox
jar: URLs retrieve the content of local files that are packaged in ZIP archives. The null character and everything after it were ignored when retrieving the content from the archive. However, the fake extension after the null character was used to determine the type of content. This could have be...
Astra Linux – Vulnerability in Firefox
When following a redirect to a publicly accessible web extension file, the URL may have been translated into the actual local path, potentially exposing sensitive information. This vulnerability affects Firefox versions earlier than 111...
Astra Linux – Vulnerability in Firefox and Thunderbird
Web-accessible extension pages with a moz-extension:// scheme did not correctly enforce the frame-ancestors directive when it was used in the Web Extension’s Content Security Policy. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...
PT-2026-40252
linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO URL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a ...
CVE-2026-20676
This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...
CVE-2026-20676
This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may be able to track users through Safari web extensions...
EUVD-2020-27955
Malware in sbrugna...
EUVD-2025-6280
Malicious code in bioql PyPI...
EUVD-2023-31868
Malicious code in bioql PyPI...
EUVD-2022-27904
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-28160
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive...
TencentOS Server 4: thunderbird (TSSA-2024:0668)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0668 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2023-28160
When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox 111...
CVE-2025-2280
Improper access control in web extension restriction feature in Devolutions Server 2024.3.4.0 and earlier allows an authenticated user to bypass the browser extension restriction feature...
CVE-2025-2280
In Devolutions Server, CVE-2025-2280 corresponds to improper access control in the Web Extension Restrictions feature, affecting version 2024.3.4.0 and earlier. An authenticated user can bypass the browser extension restriction, per sources describing this vulnerability. The provided documents co...