|
2941
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-8964
|
2026-05-20 23:57 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2942
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-8968
|
2026-05-20 23:56 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2943
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-8969
|
2026-05-20 23:55 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2944
|
9.1 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
|
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-8948
|
2026-05-20 23:53 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2945
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-8949
|
2026-05-20 23:49 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2946
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
Spoofing issue in the Toolbar component in Firefox for Android. This vulnerability was fixed in Firefox 151.
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-8951
|
2026-05-20 23:48 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2947
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
thunderbird
|
Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
|
CWE-346
Origin Validation Error
|
CVE-2026-8971
|
2026-05-20 23:41 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2948
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-8956
|
2026-05-20 23:31 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2949
|
9.6 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
|
CWE-20
CWE-119
CWE-693
Improper Input Validation
Incorrect Access of Indexable Resource ('Range Error')
Protection Mechanism Failure
|
CVE-2026-8959
|
2026-05-20 23:28 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2950
|
8.8 |
HIGH
Network
|
-
|
-
|
Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows attackers with template rendering capabilities to pass arbitrary PH…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-24425
|
2026-05-20 23:25 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
