CVE-2026-11799

Publié : 9 juin 2026

Modifié : 9 juin 2026

Description détaillée

UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1.

Références et Patchs

https://bugzilla.mozilla.org/show_bug.cgi?id=1975667 https://www.mozilla.org/security/advisories/mfsa2026-55/

Dernières Vulnérabilités

CVE-2026-9754

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command

VOIR DÉTAILS

The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command.

VOIR DÉTAILS

CVE-2026-9752

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not inspect members of a GeometryCollection, allowing the unsafe path to be reached which ends with an ensuing null-pointer dereference.

VOIR DÉTAILS

CVE-2026-11799

Description détaillée

Références et Patchs

Dernières Vulnérabilités

CVE-2026-9754

CVE-2026-9753

CVE-2026-9752