Fysac/netsurf-disclosure

Releases0

Public disclosure of vulnerabilities in NetSurf

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-29699 ↗	Nov 3, 2025Monday, 3 November 2025, 15:15	6.5 MEDIUM	—
NetSurf 3.11 is vulnerable to Use After Free in dom_node_set_text_content function.
CVE-2025-45663 ↗	Nov 3, 2025Monday, 3 November 2025, 15:15	6.5 MEDIUM	—
An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure.
CVE-2024-51317 ↗	Nov 3, 2025Monday, 3 November 2025, 15:15	6.5 MEDIUM	—
An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize function