141 matches found
An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
...
Linux Distros Unpatched Vulnerability : CVE-2022-39427
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Easily...
Linux Distros Unpatched Vulnerability : CVE-2022-39421
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.40. Easily...
Linux Distros Unpatched Vulnerability : CVE-2021-2312
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.20. Easily...
Linux Distros Unpatched Vulnerability : CVE-2022-21491
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.34. Easily...
Linux Distros Unpatched Vulnerability : CVE-2021-21237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git LFS is a command line extension for managing large files with Git. On Windows, if Git LFS operates on a malicious repository with a git.bat or git.exe file ...
Linux Distros Unpatched Vulnerability : CVE-2023-21885
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.42 and prior t...
Linux Distros Unpatched Vulnerability : CVE-2019-11753
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Firefox installer allows Firefox to be installed to a custom user writable location, leaving it unprotected from manipulation by unprivileged users or...
Linux Distros Unpatched Vulnerability : CVE-2023-29532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB...
Linux Distros Unpatched Vulnerability : CVE-2019-17021
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - During the initialization of a new content process, a race condition occurs that can allow a content process to disclose heap addresses from the parent process...
Linux Distros Unpatched Vulnerability : CVE-2019-9801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firefox will accept any registered Program ID as an external protocol handler and offer to launch this local application when given a matching URL on Windows...
Linux Distros Unpatched Vulnerability : CVE-2019-9794
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This coul...
Linux Distros Unpatched Vulnerability : CVE-2023-4052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted wi...
Linux Distros Unpatched Vulnerability : CVE-2021-29964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A locally-installed hostile program could send WMCOPYDATA messages that Firefox would process incorrectly, leading to an out-of-bounds read. This bug only affec...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal in the path.join function. An attacker can bypass the path traversal protection and access restricted files by crafting specific path inputs that leverage Windows reserved driver names such as CON, PRN, and AUX. Note...
electron ASAR Integrity bypass by just modifying the content
electron's ASAR Integrity can be bypass by modifying the content. Impact This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to Windows, apps using these fuses on macO...
CVE-2025-5265
Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. Thi...
PT-2025-22990
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 139 Firefox ESR versions prior to 115.24 Firefox ESR versions prior to 128.11 Description The issue arises from insufficient escaping of the ampersand character in the "Copy as cURL" feature. This could allow an...
OESA-2025-1489 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting...
Allocation of Resources Without Limits or Throttling
Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView...