60 matches found
TencentOS Server 4: firefox (TSSA-2025:0582)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0582 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Firefox JavaScript Use-After-Free
Firefox has an issues where JavaScript can run during XSLTProcessor transform, leading to a use-after-free condition...
firefox: thunderbird: Use-after-free triggered by XSLTProcessor
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
Important: firefox
Issue Overview: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9. CVE-2025-3028 A crafted URL containing specific Unico...
firefox: thunderbird: Use-after-free triggered by XSLTProcessor
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
firefox: thunderbird: Use-after-free triggered by XSLTProcessor
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
firefox: thunderbird: Use-after-free triggered by XSLTProcessor
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
OESA-2025-1420 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...
OESA-2025-1419 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird ESR 128.9 MFSA 2025-24 bsc1240083 CVE-2025-3028: Use-after-free triggered by XSLTProcessor CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters CVE-2025-3030: Memory safety bugs fixed in Firefox 137,...
firefox: thunderbird: Use-after-free triggered by XSLTProcessor
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.9.0 ESR MFSA 2025-22 bsc1240083: CVE-2025-3028: Use-after-free triggered by XSLTProcessor CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters CVE-2025-3030: Memory safety bugs fixed in Firef...
firefox: thunderbird: Use-after-free triggered by XSLTProcessor
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
firefox: thunderbird: Use-after-free triggered by XSLTProcessor
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
firefox: thunderbird: Use-after-free triggered by XSLTProcessor
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.9.0 ESR MFSA 2025-22 bsc1240083: CVE-2025-3028: Use-after-free triggered by XSLTProcessor CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters CVE-2025-3030: Memory safety bugs fixed in Firef...
DEBIAN-CVE-2025-3028
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9...
CVE-2025-3028
JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9...
OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
GHSA-CHFM-68VV-PVW5 XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets
Impact When performing XSLT transformations XMLUnit for Java did not disable XSLT extension functions by default. Depending on the XSLT processor being used this could allow arbitrary code to be executed when XMLUnit is used to transform data with a stylesheet who's source can not be trusted. If...