Lucene search
K

25 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-57501

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

0.0029EPSS
Exploits0References3
CVE
CVE
added 5 days ago9 views

CVE-2026-57501

Summary: CVE-2026-57501 affects Zen, a Firefox-based browser. Before version 1.21.5b, the contextual actions “Open link in glance” and “Split link in new tab” could load a page-controlled link URL with the System principal rather than the originating page’s principal, allowing a malicious page to...

6AI score0.0029EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-57501

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

6AI score0.0029EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-57501 Zen: Context-menu "Open link in glance" / "Split link in new tab" loads a page-controlled link with the System principal, bypassing the web-content scheme restriction

Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link t...

0.0029EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-57005

Name of the Vulnerable Software and Affected Versions Zen versions prior to 1.21.5b Description In the glance and split-view context-menu actions, specifically Open link in glance and Split link in new tab, the browser loads a page-controlled link URL using the System principal instead of the...

6.1AI score0.0029EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.11 views

CVE-2026-44658

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4CVSS5.5AI score0.00157EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-41431

Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...

8CVSS5.7AI score0.00199EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 6:16 p.m.21 views

CVE-2026-44658

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4CVSS0.00157EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 6:16 p.m.27 views

CVE-2026-41431

Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...

8CVSS0.00199EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:1 p.m.7 views

CVE-2026-44659

Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...

4.7CVSS5.8AI score0.00164EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/11 5:1 p.m.25 views

CVE-2026-44659

CVE-2026-44659 – Zen Browser Mac : Zen is a Firefox-based browser. Before version 1.19.12b, the address bar truncates long hostnames, displaying only the attacker-controlled prefix of the subdomain and hiding the registrable domain (eTLD+1). This can enable attackers to craft extremely long subdo...

4.7CVSS5.8AI score0.00164EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 5:1 p.m.10 views

EUVD-2026-29133

Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...

4.7CVSS5.8AI score0.00164EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 5:0 p.m.43 views

CVE-2026-44658 Zen Browser: RSS Live-Folder Item URLs Are Not Scheme-Restricted Before Trusted Tab Creation

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4CVSS0.00157EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 5:0 p.m.15 views

EUVD-2026-29132

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4CVSS5.8AI score0.00157EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:0 p.m.9 views

CVE-2026-44658

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4CVSS5.8AI score0.00157EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 5:0 p.m.10 views

CVE-2026-44658 Zen Browser: RSS Live-Folder Item URLs Are Not Scheme-Restricted Before Trusted Tab Creation

Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters only for presence and...

2.4CVSS5.8AI score0.00157EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 5:0 p.m.20 views

CVE-2026-44658

CVE-2026-44658 (Zen Browser) : Zen Browser is a Firefox-based browser. The issue arises when RSS/Atom item links parsed from feeds are mapped to item.url without the same http/https scheme restriction applied in promptForFeedUrl; these links are then used by the live-folder manager to create pinn...

2.4CVSS5.8AI score0.00157EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 4:55 p.m.39 views

CVE-2026-41431 Zen Browser MAR updater ships with signature verification removed — unsigned updates accepted

Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...

8CVSS0.00199EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:55 p.m.7 views

CVE-2026-41431

Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource MAR updater org.mozilla.updater that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero cryptographic signatures...

8CVSS6AI score0.00199EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/11 4:55 p.m.36 views

CVE-2026-41431

Zen Browser ships a MAR updater (org.mozilla.updater) with signature verification removed, leaving MAR files unsigned and the updater without verification code. Prior to version 1.19.9b, this enables arbitrary unsigned updates if the update server or GitHub release pipeline is compromised. The is...

8CVSS6AI score0.00199EPSS
Exploits0References2
Rows per page
Query Builder