
19 matches found

Fedora
added 2026/02/25 12:53 a.m. | 5 views

[SECURITY] Fedora 43 Update: yt-dlp-2026.02.21-1.fc43

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

CVSS 8.8 | AI score 5.9 | EPSS 0.00218
Exploits: 2

RedHat Linux
added 2025/07/02 8:12 a.m. | 3 views

firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...

CVSS 6.5 | AI score 5.8 | EPSS 0.00431
Exploits: 0 | References: 5

RedHat Linux
added 2025/07/02 5:30 a.m. | 4 views

firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...

CVSS 6.5 | AI score 5.8 | EPSS 0.00431
Exploits: 0 | References: 5

RedHat Linux
added 2025/07/02 5:27 a.m. | 2 views

firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...

CVSS 6.5 | AI score 5.8 | EPSS 0.00431
Exploits: 0 | References: 5

RedHat Linux
added 2025/07/01 7:42 p.m. | 3 views

firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security...

CVSS 6.5 | AI score 5.8 | EPSS 0.00431
Exploits: 0 | References: 5

AlpineLinux
added 2025/06/24 1:15 p.m. | 2 views

CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox 140, Firefox ESR...

CVSS 6.5 | AI score 6.5 | EPSS 0.00431
Exploits: 0 | References: 7

OSV
added 2025/06/24 1:15 p.m. | 0 views

UBUNTU-CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Firefox 140, Firefox E...

CVSS 6.5 | AI score 6.6 | EPSS 0.00431
Exploits: 0 | References: 8

Debian CVE
added 2025/06/24 12:28 p.m. | 3 views

CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Firefox 140, Firefox E...

CVSS 6.5 | AI score 6.4 | EPSS 0.00431
Exploits: 0

Fedora
added 2024/07/16 1:41 a.m. | 11 views

[SECURITY] Fedora 39 Update: yt-dlp-2024.07.09-1.fc39

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

CVSS 7.8 | AI score 6.9 | EPSS 0.00045
Exploits: 0

Prion
added 2023/12/21 3:15 p.m. | 11 views

Cross site scripting

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name...

CVSS 4.9 | AI score 6 | EPSS 0.00169
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2023/12/21 12:0 a.m. | 14 views

CVE-2023-48114

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name...

AI score 5.4 | EPSS 0.00169
Exploits: 1 | References: 2

Fedora
added 2023/07/12 1:21 a.m. | 18 views

[SECURITY] Fedora 37 Update: yt-dlp-2023.07.06-1.fc37

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

CVSS 8.2 | AI score 7.1 | EPSS 0.00689
Exploits: 0

Fedora
added 2023/07/09 2:19 a.m. | 23 views

[SECURITY] Fedora 38 Update: yt-dlp-2023.07.06-1.fc38

yt-dlp is a command-line program to download videos from many different online video platforms, such as youtube.com. The project is a fork of youtube-dl with additional features and fixes...

CVSS 8.2 | AI score 7.1 | EPSS 0.00689
Exploits: 0

OSV
added 2020/09/03 3:45 p.m. | 13 views

GHSA-PXMP-FWJC-4X7Q HTML Injection in marky-markdown

All versions of marky-markdown are vulnerable to HTML Injection due to a validation bypass. The package only allows iframes where the source is youtube.com but it is possible to bypass the validation with sources where youtube.com is the sub-domain, such as youtube.com.evil.co. This Recommendatio...

AI score 7.2
Exploits: 0 | References: 2

GitHub Security Blog
added 2020/09/03 3:45 p.m. | 14 views

HTML Injection in marky-markdown

All versions of marky-markdown are vulnerable to HTML Injection due to a validation bypass. The package only allows iframes where the source is youtube.com but it is possible to bypass the validation with sources where youtube.com is the sub-domain, such as youtube.com.evil.co. This Recommendatio...

AI score 3.2
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2020/02/17 1:40 a.m. | 12 views

HTML Injection

marky-markdown is vulnerable to HTML Injection. The vulnerability exists as it improperly validates youtube.com as the source value of the iframes. An attacker is able to pass in a value such as youtube.com.evil.com and bypass the validation...

AI score 1.8
Exploits: 0

Openbugbounty
added 2018/10/29 9:37 p.m. | 13 views

youtube.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-692298
Affected Website: youtube.com
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: hidden until disclosure
Vulnerability Type: IAC Improper Access Control / CWE-284
CVSSv3 Score: hidden...

AI score 0.3
Exploits: 0

Openbugbounty
added 2018/02/15 5:32 p.m. | 6 views

youtube.com Open Redirect vulnerability

Open Bug Bounty ID: OBB-560504
Affected Website: youtube.com
Open Bug Bounty Program: Create your bounty program now. It's open and free.
Vulnerable Application: Custom Code
Vulnerability Type: Open Redirect / CWE-601
CVSSv3 Score: 3.4...

AI score 6.7
Exploits: 0

xssed
added 2008/10/03 12:0 a.m. | 7 views

Unfixed XSS vulnerability at www.news-youtube.com

Security researcher CCC has submitted on 10/03/2008 a cross-site scripting (XSS) vulnerability affecting www.news-youtube.com, which at the time of submission ranked 649934 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 30/03/2008. It is...

Exploits: 0 | References: 1