PT-2026-57005 · Zen Browser · Rdesktop
Published
2026-07-09
·
Updated
2026-07-09
·
CVE-2026-57501
CVSS v3.1
0.0
None
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N |
Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link to a file URL that can load with System privileges when opened through either context-menu item and bypass the content-to-file security check that blocks an ordinary click. This issue is fixed in version 1.21.5b.
Fix
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rdesktop