Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
Denial-of-service in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11.
A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended fr
A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1,14.0.1 and 13.2.1
on Windows
. When opening a PDF containing specially crafte
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows DOM-Based XSS.This issue
Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScrip
Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thund
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BIN
NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function.
Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
Denial-of-service in the XML component. This vulnerability was fixed in Firefox 149 and Thunderbird 149.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite allows Stored XSS.This issue aff
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to
Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13,
Sandbox escape in the Graphics: WebRender component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8.
← Previous Page 5