365248 matches found
CVE-2026-10640 Use-after-free reading `net_pkt` `iface` after send in IPv6 Neighbor Discovery (`ipv6_nbr.c`)
Zephyr's IPv6 Neighbor Discovery send paths netipv6sendna, netipv6sendns, netipv6sendrs in subsys/net/ip/ipv6nbr.c updated the per-interface ICMP-sent statistics by calling netpktifacepkt after netsenddatapkt had already returned successfully. On the success path the network stack owns and releas...
CVE-2026-10639 Use-after-free reading `net_pkt_iface()` of a sent ICMPv4 echo-reply packet in `icmpv4_handle_echo_request()`
In Zephyr's native IPv4 stack, icmpv4handleechorequest in subsys/net/ip/icmpv4.c builds an echo-reply packet reply, hands it to nettrysenddata, and then, on success, calls netstatsupdateicmpsentnetpktifacereply. nettrysenddata transfers ownership of reply to the TX path netiftryqueuetx - netiftx ...
CVE-2026-10638 Use-after-free in Zephyr ICMPv6 RX path when updating statistics after sending an echo reply or error
subsys/net/ip/icmpv6.c reads the network interface from a netpkt after that packet has been handed to nettrysenddata. In icmpv6handleechorequest and neticmpv6senderror, the post-send statistics update calls netpktifacereply/netpktifacepkt on the just-sent packet. The send path nettrysenddata -...
CVE-2026-10637 Use-after-free of net_pkt in IPv6 MLD send path triggerable by a link-local MLD Query
subsys/net/ip/ipv6mld.c:mldsend read the packet interface via netpktifacepkt after netsenddatapkt returned successfully. Per the network stack's ownership contract include/zephyr/net/netcore.h, and the explicit warning in subsys/net/ip/netcore.c:453-460 'do not use pkt after that call', a...
CVE-2026-10636 Use-after-free in Zephyr IPv4 IGMP send path (igmp_send)
In Zephyr's IPv4 IGMP implementation, igmpsend in subsys/net/ip/igmp.c read the network interface back out of the packet via netpktifacepkt after the packet had been handed to netsenddata. On the successful-send path the packet's last reference may already have been released by the L2 driver or b...
CVE-2026-11317 Rockwell Automation Logix 5370 and 5570 Controllers Vulnerable To Denial of Service Via CIP
A denial of service security issue exists in the affected product. The security issue stems from a fault occurring when a crafted CIP message is sent. Devices with less memory are more likely to be affected. This can result in a major nonrecoverable fault MNRF. A program download is required to...
CVE-2026-53900 Cookie injection was possible when opening a PDF link
Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...
CVE-2026-53899 Cross-origin cookies could be leaked when opening a PDF link
Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability was fixed in Firefox for iOS 152.0...
CVE-2026-12330 Incorrect boundary conditions in the Internationalization component
Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12...
CVE-2026-12329 Memory safety bug fixed in Thunderbird ESR 140.12
Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12...
CVE-2026-12328 Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
CVE-2026-12327 Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152
Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in...
CVE-2026-12326 Memory safety bugs fixed in Firefox 152 and Thunderbird 152
Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12325 Denial-of-service in the Graphics: ImageLib component
Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12324 Incorrect boundary conditions in the Graphics: CanvasWebGL component
Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12323 Spoofing issue in the DOM: Core & HTML component
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12322 Clickjacking issue in the Widget: Gtk component
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12321 JIT miscompilation in the JavaScript: WebAssembly component
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12320 Information disclosure in the Password Manager component
Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12319 Denial-of-service in the Audio/Video: Playback component
Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12318 Incorrect boundary conditions in the Libraries component in NSS
Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12317 Memory safety bug fixed in Firefox 152
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12316 Mitigation bypass in the DOM: Security component
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12315 Mitigation bypass in the DOM: Security component
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12314 Memory safety bug fixed in Firefox 152
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12313 Information disclosure, sandbox escape in the Security: Process Sandboxing component
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12312 Memory safety bug fixed in Firefox 152
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12311 Information disclosure, sandbox escape in the Security: Process Sandboxing component
Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12310 Memory safety bug fixed in Firefox 152
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12309 Memory safety bug fixed in Firefox 152
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12308 Memory safety bug fixed in Firefox 152
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12307 Memory safety bug fixed in Firefox 152
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12306 Memory safety bug fixed in Firefox 152
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12305 Memory safety bug fixed in Firefox 152
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12304 Same-origin policy bypass in the Networking: Cookies component
Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12303 Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component
Information disclosure due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12302 Mitigation bypass in the DOM: Security component
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12301 Memory safety bug fixed in Firefox 152
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12300 Memory safety bug fixed in Firefox 152
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12299 JIT miscompilation in the DOM: Core & HTML component
JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12298 Memory safety bug fixed in Firefox 152
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12297 Sandbox escape due to incorrect boundary conditions in the Networking component
Sandbox escape due to incorrect boundary conditions in the Networking component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12296 Sandbox escape in the Security: Process Sandboxing component
Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12295 Sandbox escape in the DOM: Navigation component
Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12294 Sandbox escape in the DOM: Workers component
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12293 Use-after-free in the Graphics: WebGPU component
Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...
CVE-2026-12292 Incorrect boundary conditions in the Web Audio component
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12291 Use-after-free in the Networking: HTTP component
Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12290 Memory safety bug fixed in Firefox 152
Memory safety bug fixed in Firefox 152. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...
CVE-2026-12289 Privilege escalation in the Graphics: WebRender component
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12...