Page 5 of 274 results (0.004 seconds)

CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0

26 May 2025 — A minor information leak when running Screen with setuid-root privileges allosw unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0. A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46804 • CWE-203: Observable Discrepancy •

CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0

26 May 2025 — Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-46805 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 1

17 May 2025 — An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox ESR < 115.23.1. An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2. A flaw was found in Firefox and Thunderbird. • https://github.com/HExploited/CVE-2025-4919-Exploit • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0

17 May 2025 — An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox ESR < 115.23.1. An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2. A flaw was found in Firefox and Thunderbird. • https://bugzilla.mozilla.org/show_bug.cgi?id=1966612 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0

14 May 2025 — It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web pages listed in the X-Mozilla-External-Attachment-URL header of an email. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. • https://bugzilla.mozilla.org/show_bug.cgi?id=1960412 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •

CVSS: 6.5EPSS: 0%CPEs: 23EXPL: 0

14 May 2025 — Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened, allowing the embedded JavaScript to run without requiring a file download. This behavior relies on Thunderbird auto-saving the attachment to /tmp and linking to it via the file:/// protocol, potentially enabling Ja... • https://bugzilla.mozilla.org/show_bug.cgi?id=1958376 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0

14 May 2025 — Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an (invalid) value "Spoofed Name ", Thunderbird treats spoofed@example.com as the actual address. This vulnerability affects Thunderbird < 128.10.1 and Thunderbird < 138.0.1. The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird parses addresses in a way that can allow sender spoofing in case the server all... • https://bugzilla.mozilla.org/show_bug.cgi?id=1950629 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0

29 Apr 2025 — Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird ESR < 128.10. Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1894100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

29 Apr 2025 — Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10. Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2C1952105 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.6EPSS: 0%CPEs: 6EXPL: 0

29 Apr 2025 — A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird ESR < 128.10. A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to o... • https://bugzilla.mozilla.org/show_bug.cgi?id=1952465 • CWE-125: Out-of-bounds Read •