1371 matches found
CVE-2026-8955 Privilege escalation in the DOM: Workers component
Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...
CVE-2026-8955
CVE-2026-8955 describes a privilege-escalation flaw in the DOM: Workers component. The vulnerability is fixed in Firefox 151 and Firefox ESR 140.11, as well as Thunderbird 151 and Thunderbird 140.11. The core issue is in the Workers implementation of the DOM, leading to elevated permissions. Per ...
EUVD-2026-30905
Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...
CVE-2026-8955
Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...
Mozilla多款产品 安全漏洞
Mozilla Firefox, among others, are products of the American Mozilla Foundation. Mozilla Firefox is an open-source web browser. Mozilla Firefox ESR is a extended support version of Firefox the web browser. Mozilla Thunderbird is an email client software that emerged independently from the Mozilla...
KLA91062 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in...
KLA91058 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. Denia...
PT-2026-41909
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 151 Firefox ESR versions prior to 140.11 Thunderbird versions prior to 151 Thunderbird versions prior to 140.11 Description A privilege escalation issue exists within the DOM: Workers component...
KLA91059 Multiple vulnerabilities in Mozilla Thunderbird ESR
Multiple vulnerabilities were found in Mozilla Thunderbird ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2026-8955
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11...
CVE-2026-44592
Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...
CVE-2026-44592 Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning
Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...
EUVD-2026-30365
Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...
Malicious code in 0ctf-chalweb (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6d7a129ab6079febb92ceac3587af97653477bce8a65b8e85bfa5bcae0293b0d The package's entire content xss.js is a 2-line cookie-stealing payload that creates an Image element pointing to...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-017348)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017348 advisory. A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, an...
MAL-2026-3644 Malicious code in camelotlabs-worker (npm)
Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...
MAL-2026-3640 Malicious code in camelotlabs-config (npm)
Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...
Malicious code in camelotlabs-sdk (npm)
Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...
Malicious code in camelotlabs-core (npm)
Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...
Malicious code in camelotlabs-utils (npm)
Five packages camelotlabs-sdk, camelotlabs-core, camelotlabs-config, camelotlabs-worker, and camelotlabs-utils were published to the public npm registry at version 99.0.0 by the actor madman0619 as a dependency confusion attack targeting the internal npm packages of Camelot Labs. The inflated...