VYPR
Vendor

Zen Browser

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2026-41431HigMay 11, 2026
    risk 0.45cvss 8.0epss 0.00

    Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource (MAR) updater (org.mozilla.updater) that has had all MAR signature verification stripped from the Firefox codebase it was forked from. The MAR files served to users contain zero…

  • CVE-2026-44659MedMay 11, 2026
    risk 0.31cvss 4.7epss 0.00

    Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain (eTLD+1). As a result, an attacker can craft extremely…

  • CVE-2026-44658LowMay 11, 2026
    risk 0.16cvss 2.4epss 0.00

    Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same restriction. The provider maps each RSS/Atom item link into item.url, filters…