64 matches found
Astra Linux - уязвимость в thunderbird, firefox
The WebChannel API, which is used to transfer various types of information between processes, did not check the identity of the sender. Instead, it accepted the identity of the sender without verification. This could lead to privilege escalation attacks. This vulnerability has been fixed in Firef...
[SECURITY] Fedora 44 Update: qt6-qtwebchannel-6.10.3-1.fc44
The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes available...
MiracleLinux 9 : firefox-128.6.0-1.el9_5.ML.1 (AXSA:2025-9549:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9549:02 advisory. firefox: Use-after-free when breaking lines in text CVE-2025-0238 firefox: Memory corruption when using JavaScript Text Segmentation CVE-2025-0241...
[SECURITY] Fedora 42 Update: qt5-qtwebchannel-5.15.18-1.fc42
The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes available...
[SECURITY] Fedora 42 Update: qt6-qtwebchannel-6.9.3-1.fc42
The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes available...
EUVD-2015-2808
Malware in sbrugna...
EUVD-2025-1569
Malicious code in bioql PyPI...
[SECURITY] Fedora 42 Update: qt6-qtwebchannel-6.9.1-1.fc42
The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes available...
FreeBSD : Mozilla -- privilege scalation attack (ea51e89a-116c-11f0-8b2c-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ea51e89a-116c-11f0-8b2c-b42e991fc52e advisory. [email protected] reports: The WebChannel API, which is used to transport various information across...
Linux Distros Unpatched Vulnerability : CVE-2025-0237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being...
OESA-2025-1086 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. Thi...
OESA-2025-1085 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. Thi...
Updated thunderbird packages fix security vulnerabilities
WebChannel APIs susceptible to confused deputy attack. CVE-2025-0237 Use-after-free when breaking lines in text. CVE-2025-0238 Alt-Svc ALPN validation failure when redirected. CVE-2025-0239 Compartment mismatch when parsing JavaScript JSON module. CVE-2025-0240 Memory corruption when using...
MGASA-2025-0009 Updated firefox packages fix security vulnerabilities
WebChannel APIs susceptible to confused deputy attack. CVE-2025-0237 Use-after-free when breaking lines in text. CVE-2025-0238 Alt-Svc ALPN validation failure when redirected. CVE-2025-0239 Compartment mismatch when parsing JavaScript JSON module. CVE-2025-0240 Memory corruption when using...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird ESR 128.6 MFSA 2025-05, bsc1234991 Security fixes: CVE-2025-0237 bmo1915257 WebChannel APIs susceptible to confused deputy attack CVE-2025-0238 bmo1915535 Use-after-free when breaking lines in text...
firefox: thunderbird: WebChannel APIs susceptible to confused deputy attack
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to...
firefox: thunderbird: WebChannel APIs susceptible to confused deputy attack
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to...
firefox: thunderbird: WebChannel APIs susceptible to confused deputy attack
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to...
firefox: thunderbird: WebChannel APIs susceptible to confused deputy attack
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to...
firefox: thunderbird: WebChannel APIs susceptible to confused deputy attack
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to...