Monthly
Sandbox escape via boundary violation in Firefox WebRender graphics component. CVSS 10.0 — allows escaping the content sandbox to execute code with elevated privileges.
Boundary violation in Firefox ImageLib graphics component before 148 enables memory corruption through crafted images.
Boundary violation in Firefox WebRTC Audio/Video component before 148 allows remote code execution through crafted WebRTC media streams.
CVE-2025-52557 is a stored/reflected XSS vulnerability in Mail-0's Zero email solution (version 0.8) that allows unauthenticated attackers to craft malicious emails containing unexecuted JavaScript code. When a victim opens the email in the web interface, the JavaScript executes in their browser context, enabling session hijacking and potential account takeover. The vulnerability has been patched in version 0.81, and exploitation requires user interaction (opening the email), making it a moderate-to-high severity issue suitable for rapid patching.
Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an authenticated user to enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.
Sandbox escape via boundary violation in Firefox WebRender graphics component. CVSS 10.0 — allows escaping the content sandbox to execute code with elevated privileges.
Boundary violation in Firefox ImageLib graphics component before 148 enables memory corruption through crafted images.
Boundary violation in Firefox WebRTC Audio/Video component before 148 allows remote code execution through crafted WebRTC media streams.
CVE-2025-52557 is a stored/reflected XSS vulnerability in Mail-0's Zero email solution (version 0.8) that allows unauthenticated attackers to craft malicious emails containing unexecuted JavaScript code. When a victim opens the email in the web interface, the JavaScript executes in their browser context, enabling session hijacking and potential account takeover. The vulnerability has been patched in version 0.81, and exploitation requires user interaction (opening the email), making it a moderate-to-high severity issue suitable for rapid patching.
Improper handling of physical or environmental conditions in some Intel(R) Processors may allow an authenticated user to enable denial of service via local access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.