firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component...

Linux Distros Unpatched Vulnerability : CVE-2026-8949

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...

CVE-2026-26162

Access of resource using incompatible type 'type confusion' in Windows OLE allows an authorized attacker to elevate privileges locally...

EUVD-2026-22483

Time-of-check time-of-use toctou race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally...

EUVD-2026-22351

Access of resource using incompatible type 'type confusion' in Windows COM allows an authorized attacker to disclose information locally...

Windows COM Server Information Disclosure Vulnerability

Access of resource using incompatible type 'type confusion' in Windows COM allows an authorized attacker to disclose information locally...

April 14, 2026—KB5082198 (OS Build 14393.9060)

April 14, 2026—KB5082198 OS Build 14393.9060 Windows Secure Boot certificate expiration Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated ...

PT-2026-32717

CVE-2026-20806 Access of resource using incompatible type 'type confusion' in Windows COM allows an authorized attacker to disclose information locally. https://t.co/pPGYfQ4IPk...

PT-2026-32831

🪟 COM EoP CVE-2026-32162 again? When Microsoft’s “trust boundaries” are just vibes, every COM hop is a potential jailbreak. Triage fast: local users turning into admins is the usual horror sequel. https://t.co/nNowXseXJj ElevationOfPrivilege MicrosoftMsrc WindowsCom https://t.co/7B8CqiBKho...

CVE-2026-21240

Time-of-check time-of-use toctou race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally...

EUVD-2025-206729

Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component...

PT-2026-5928

Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component...

Net-SNMP snmptrapd crash

...

Microsoft Inbox COM Objects Code Execution Vulnerability

Microsoft Inbox COM Objects is a built-in COM component of the Windows operating system from the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Inbox COM Objects, which can be exploited by an attacker to execute arbitrary code on a system...

EUVD-2025-34317

Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally...

CVE-2024-43509 Windows Graphics Component Elevation of Privilege Vulnerability

...

PT-2024-3519 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a buffer overflow in the Win32k component Win32k.sys of Windows operating systems, which can allow an attacker to elevate their privileges and access sensitive data...

PT-2024-3520 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the use of memory after it has been freed in the Win32k component of Windows operating systems. This can allow an attacker to elevate their privileges. The estimated...

VulnCheck KEV: CVE-2020-1375

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'...