2026年7月15日星期三

Mozilla 產品多個漏洞

Mozilla 產品多個漏洞

發佈日期: 2026年07月15日

風險: 高度風險

類型: 用戶端 - 瀏覽器

於 Mozilla 產品發現多個漏洞。遠端攻擊者可利用這些漏洞,於目標系統觸發阻斷服務狀況、遠端執行任意程式碼、繞過保安限制及資料篡改。

 

注意:

CVE-2026-15718 及 CVE-2026-15719 的漏洞利用程式碼已公開。CVE-2026-15718 是 Firefox JavaScript WebAssembly 元件中的無效記憶體指標漏洞。CVE-2026-15719 則影響 Firefox DOM 導覽元件的網站隔離功能。因此,此漏洞的風險等級被評為高度風險。


影響

  • 阻斷服務
  • 遠端執行程式碼
  • 繞過保安限制
  • 篡改

受影響之系統或技術

以下版本之前的版本﹕

 

  • Firefox 152.0.6
  • Firefox for iOS 152.4

解決方案

在安裝軟體之前,請先瀏覽供應商之官方網站,以獲得更多詳細資料。

更新至版本:

 

  • Firefox 152.0.6
  • Firefox for iOS 152.4

漏洞識別碼


資料來源


相關連結

Mozilla Products Multiple Vulnerabilities

Mozilla Products Multiple Vulnerabilities

Release Date: 15 Jul 2026

RISK: High Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, security restriction bypass and data manipulation on the targeted system.

 

Note:

Exploit code for CVE-2026-15718 and CVE-2026-15719 is public. For CVE-2026-15718, it is an invalid memory pointer in WebAssembly flaw in Firefox’s JavaScript WebAssembly component. For CVE-2026-15719, it affects site isolation in Firefox’s DOM navigation component. Hence, the risk level is rated as High Risk.

 

 


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Data Manipulation

System / Technologies affected

Versions prior to:

 

  • Firefox 152.0.6
  • Firefox for iOS 152.4

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

  • Firefox 152.0.6
  • Firefox for iOS 152.4

Vulnerability Identifier


Source


Related Link

Adobe 每月保安更新 (2026年7月)

Adobe 每月保安更新 (2026年7月)

發佈日期: 2026年07月15日

風險: 中度風險

類型: 用戶端 - 辦公室應用

Adobe已為產品提供本月保安更新:

 

受影響產品風險程度影響備註詳情(包括 CVE)
Adobe Audition中度風險 中度風險遠端執行程式碼 APSB26-71
Adobe Media Encoder中度風險 中度風險遠端執行程式碼 APSB26-72
Adobe Commerce中度風險 中度風險權限提升
遠端執行程式碼
跨網站指令碼
繞過保安限制
 APSB26-73
Adobe Experience Manager中度風險 中度風險遠端執行程式碼
繞過保安限制
資料洩露
跨網站指令碼
權限提升
 APSB26-74
Adobe Premiere Pro中度風險 中度風險遠端執行程式碼
繞過保安限制
 APSB26-76
Adobe Creative Cloud Desktop Application中度風險 中度風險權限提升 APSB26-77
Adobe After Effects中度風險 中度風險遠端執行程式碼 APSB26-78
Adobe Illustrator中度風險 中度風險權限提升
遠端執行程式碼
 APSB26-79
Content Credentials SDK中度風險 中度風險權限提升
阻斷服務
遠端執行程式碼
繞過保安限制
資料洩露
 APSB26-80
Adobe Bridge中度風險 中度風險遠端執行程式碼 APSB26-81
Adobe ColdFusion中度風險 中度風險遠端執行程式碼
權限提升
跨網站指令碼
繞過保安限制
資料洩露
 APSB26-82
Adobe Animate中度風險 中度風險遠端執行程式碼 APSB26-83

 

「極高度風險」產品數目:0

「高度風險」產品數目:0

「中度風險」產品數目:12

「低度風險」產品數目:0

整體「風險程度」評估:中度風險


影響

  • 遠端執行程式碼
  • 阻斷服務
  • 權限提升
  • 資料洩露
  • 繞過保安限制
  • 跨網站指令碼

受影響之系統或技術

  • Adobe Animate 2023 23.0.15 及以前版本
  • Adobe Animate 2024 24.0.13 及以前版本
  • Adobe Bridge 15.1.5 (LTS) 及以前版本
  • Adobe Bridge 16.0.3 及以前版本
  • Adobe Commerce 2.4.9
  • Adobe Commerce 2.4.8-p5 及以前版本
  • Adobe Commerce 2.4.7-p10 及以前版本
  • Adobe Commerce 2.4.6-p15 及以前版本
  • Adobe Commerce 2.4.5-p17 及以前版本
  • Adobe Commerce 2.4.4-p18 及以前版本
  • Adobe Commerce B2B 1.5.3
  • Adobe Commerce B2B 1.5.2-p5 及以前版本
  • Adobe Commerce B2B 1.4.2-p10 及以前版本
  • Adobe Commerce B2B 1.3.4-p17 及以前版本
  • Adobe Commerce B2B 1.3.3-p18 及以前版本
  • Adobe Commerce Events 1.6.0 to 1.20.0
  • Adobe Experience Manager (AEM) 6.5 Service Pack 24 及以前版本
  • Adobe Experience Manager (AEM) AEM Cloud Service (CS) Release 2026.5.0 及以前版本
  • Adobe Experience Manager (AEM) 6.5 LTS Service Pack 1 及以前版本
  • Adobe After Effects 25.6.5 及以前版本 
  • Adobe After Effects 26.2.1 及以前版本 
  • Adobe Audition 26.0 及以前版本        
  • Adobe Audition 25.6.4 及以前版本        
  • Adobe Media Encoder 26.2.2 及以前版本
  • Adobe Media Encoder 25.6.5 及以前版本
  • Adobe Premiere Pro 25.6.5 及以前版本
  • Adobe Premiere 26.2.2 及以前版本
  • ColdFusion 2023 Update 21 及以前版本
  • ColdFusion 2025 Update 10 及以前版本
  • Content Credentials Command-Line Tool c2patool-v0.17.0 及以前版本
  • Content Credentials JS SDK @contentauth/c2pa-web@0.7.0 及以前版本
  • Content Credentials Rust SDK c2pa-v0.84.0 及以前版本
  • Creative Cloud Desktop Application  6.9.1.1 及以前版本
  • Illustrator 2025 29.8.7 及以前版本
  • Illustrator 2026 30.5 及以前版本
  • Magento Open Source 2.4.9
  • Magento Open Source 2.4.8-p5 及以前版本
  • Magento Open Source 2.4.7-p10 及以前版本
  • Magento Open Source 2.4.6-p15 及以前版本

解決方案

在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。

  • 安裝供應商提供的修補程式。個別產品詳情可參考上表「詳情」一欄或執行軟件更新。

漏洞識別碼


資料來源


相關連結

Adobe Monthly Security Update (July 2026)

Adobe Monthly Security Update (July 2026)

Release Date: 15 Jul 2026

RISK: Medium Risk

TYPE: Clients - Productivity Products

Adobe has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotesDetails (including CVE)
Adobe AuditionMedium Risk Medium RiskRemote Code Execution APSB26-71
Adobe Media EncoderMedium Risk Medium RiskRemote Code Execution APSB26-72
Adobe CommerceMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Cross-site Scripting
Security Restriction Bypass
 APSB26-73
Adobe Experience ManagerMedium Risk Medium RiskRemote Code Execution
Security Restriction Bypass
Information Disclosure
Cross-site Scripting
Elevation of Privilege
 APSB26-74
Adobe Premiere ProMedium Risk Medium RiskRemote Code Execution
Security Restriction Bypass
 APSB26-76
Adobe Creative Cloud Desktop ApplicationMedium Risk Medium RiskElevation of Privilege APSB26-77
Adobe After EffectsMedium Risk Medium RiskRemote Code Execution APSB26-78
Adobe IllustratorMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
 APSB26-79
Content Credentials SDKMedium Risk Medium RiskElevation of Privilege
Denial of Service
Remote Code Execution
Security Restriction Bypass
Information Disclosure
 APSB26-80
Adobe BridgeMedium Risk Medium RiskRemote Code Execution APSB26-81
Adobe ColdFusionMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Cross-site Scripting
Security Restriction Bypass
Information Disclosure
 APSB26-82
Adobe AnimateMedium Risk Medium RiskRemote Code Execution APSB26-83

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 12

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Medium Risk


Impact

  • Remote Code Execution
  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Security Restriction Bypass
  • Cross-Site Scripting

System / Technologies affected

  • Adobe Animate 2023 23.0.15 and earlier versions
  • Adobe Animate 2024 24.0.13 and earlier versions
  • Adobe Bridge 15.1.5 (LTS) and earlier versions
  • Adobe Bridge 16.0.3 and earlier versions
  • Adobe Commerce 2.4.9
  • Adobe Commerce 2.4.8-p5 and earlier versions
  • Adobe Commerce 2.4.7-p10 and earlier versions
  • Adobe Commerce 2.4.6-p15 and earlier versions
  • Adobe Commerce 2.4.5-p17 and earlier versions
  • Adobe Commerce 2.4.4-p18 and earlier versions
  • Adobe Commerce B2B 1.5.3
  • Adobe Commerce B2B 1.5.2-p5 and earlier versions
  • Adobe Commerce B2B 1.4.2-p10 and earlier versions
  • Adobe Commerce B2B 1.3.4-p17 and earlier versions
  • Adobe Commerce B2B 1.3.3-p18 and earlier versions
  • Adobe Commerce Events 1.6.0 to 1.20.0
  • Adobe Experience Manager (AEM) 6.5 Service Pack 24 and earlier versions
  • Adobe Experience Manager (AEM) AEM Cloud Service (CS) Release 2026.5.0 and earlier versions
  • Adobe Experience Manager (AEM) 6.5 LTS Service Pack 1 and earlier versions
  • Adobe After Effects 25.6.5 and earlier versions     
  • Adobe After Effects 26.2.1 and earlier versions     
  • Adobe Audition 26.0 and earlier versions        
  • Adobe Audition 25.6.4 and earlier versions        
  • Adobe Media Encoder 26.2.2 and earlier versions
  • Adobe Media Encoder 25.6.5 and earlier versions
  • Adobe Premiere Pro 25.6.5 and earlier versions
  • Adobe Premiere 26.2.2 and earlier versions
  • ColdFusion 2023 Update 21 and earlier versions
  • ColdFusion 2025 Update 10 and earlier versions
  • Content Credentials Command-Line Tool c2patool-v0.17.0 and earlier versions
  • Content Credentials JS SDK @contentauth/c2pa-web@0.7.0 and earlier versions
  • Content Credentials Rust SDK c2pa-v0.84.0 and earlier versions
  • Creative Cloud Desktop Application 6.9.1.1 and earlier versions
  • Illustrator 2025 29.8.7 and earlier versions
  • Illustrator 2026 30.5 and earlier versions
  • Magento Open Source 2.4.9
  • Magento Open Source 2.4.8-p5 and earlier versions
  • Magento Open Source 2.4.7-p10 and earlier versions
  • Magento Open Source 2.4.6-p15 and earlier versions

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Apply fixes issued by the vendor. Please refer to 'Details' column in the above table for details of individual product update or run software update.

Vulnerability Identifier


Source


Related Link

微軟每月保安更新 (2026年7月)

微軟每月保安更新 (2026年7月)

發佈日期: 2026年07月15日

風險: 高度風險

類型: 操作系統 - 視窗操作系統

微軟已為產品提供本月保安更新:

 

受影響產品風險程度影響備註
Apps中度風險 中度風險遠端執行程式碼
權限提升
仿冒
 
視窗中度風險 中度風險權限提升
資料洩露
遠端執行程式碼
篡改
阻斷服務
繞過保安限制
仿冒
CVE-2026-56155 正在被廣泛利用。Active Directory 聯合身分驗證服務 (AD FS) 的存取控制權限劃分不夠精細,導致已授權的攻擊者能藉此在本地端提升權限。因此,該漏洞的風險等級被評定為中度風險。
延伸安全性更新 (ESU)中度風險 中度風險權限提升
資料洩露
遠端執行程式碼
篡改
阻斷服務
繞過保安限制
仿冒
CVE-2026-56155 正在被廣泛利用。Active Directory 聯合身分驗證服務 (AD FS) 的存取控制權限劃分不夠精細,導致已授權的攻擊者能藉此在本地端提升權限。因此,該漏洞的風險等級被評定為中度風險。
SQL Server中度風險 中度風險權限提升
遠端執行程式碼
仿冒
資料洩露
 
Azure中度風險 中度風險權限提升
阻斷服務
 
Server Software中度風險 中度風險權限提升
遠端執行程式碼
仿冒
 
開發者工具中度風險 中度風險權限提升
阻斷服務
資料洩露
繞過保安限制
遠端執行程式碼
篡改
仿冒
 
其他中度風險 中度風險遠端執行程式碼
篡改
 
System Center中度風險 中度風險遠端執行程式碼
權限提升
資料洩露
 
微軟 Office高度風險 高度風險仿冒
遠端執行程式碼
資料洩露
權限提升
繞過保安限制
CVE-2026-56164 正在被廣泛利用。Microsoft Office SharePoint 針對關鍵功能的身份驗證缺失,導致未經授權的攻擊者能透過網路提升權限。因此,該漏洞的風險等級被評定為高度風險。
Device中度風險 中度風險權限提升 
微軟 Dynamics中度風險 中度風險遠端執行程式碼 
開源軟件中度風險 中度風險權限提升
篡改
 

 

「極高度風險」產品數目:0

「高度風險」產品數目:1

「中度風險」產品數目:12

「低度風險」產品數目:0

整體「風險程度」評估:高度風險


影響

  • 遠端執行程式碼
  • 阻斷服務
  • 權限提升
  • 繞過保安限制
  • 資料洩露
  • 篡改
  • 仿冒

受影響之系統或技術

  • Apps
  • 視窗
  • 延伸安全性更新 (ESU)
  • SQL Server
  • Azure
  • Server Software
  • 開發者工具
  • 其他
  • System Center
  • 微軟 Office
  • Device
  • 微軟 Dynamics
  • 開源軟件

解決方案

在安裝軟體之前,請先瀏覽軟體供應商之網站,以獲得更多詳細資料。

  • 安裝軟件供應商提供的修補程式。

漏洞識別碼


資料來源


相關連結

Microsoft Monthly Security Update (July 2026)

Microsoft Monthly Security Update (July 2026)

Release Date: 15 Jul 2026

RISK: High Risk

TYPE: Operating Systems - Windows OS

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
AppsMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Spoofing
 
WindowsMedium Risk Medium RiskElevation of Privilege
Information Disclosure
Remote Code Execution
Data Manipulation
Denial of Service
Security Restriction Bypass
Spoofing
CVE-2026-56155 is being exploited in the wild. Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally. Hence, the risk level of this vulnerability is rated as Medium Risk.
Extended Security Updates (ESU)Medium Risk Medium RiskElevation of Privilege
Information Disclosure
Remote Code Execution
Data Manipulation
Denial of Service
Security Restriction Bypass
Spoofing
CVE-2026-56155 is being exploited in the wild. Insufficient granularity of access control in Active Directory Federation Services (AD FS) allows an authorized attacker to elevate privileges locally. Hence, the risk level of this vulnerability is rated as Medium Risk.
SQL ServerMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Spoofing
Information Disclosure
 
AzureMedium Risk Medium RiskElevation of Privilege
Denial of Service
 
Server SoftwareMedium Risk Medium RiskElevation of Privilege
Remote Code Execution
Spoofing
 
Developer ToolsMedium Risk Medium RiskElevation of Privilege
Denial of Service
Information Disclosure
Security Restriction Bypass
Remote Code Execution
Data Manipulation
Spoofing
 
OtherMedium Risk Medium RiskRemote Code Execution
Data Manipulation
 
System CenterMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
Information Disclosure
 
Microsoft OfficeHigh Risk High RiskSpoofing
Remote Code Execution
Information Disclosure
Elevation of Privilege
Security Restriction Bypass
CVE-2026-56164 is being exploited in the wild. Missing authentication for critical function in Microsoft Office SharePoint allows an unauthorized attacker to elevate privileges over a network. Hence, the risk level of this vulnerability is rated as High Risk.
DeviceMedium Risk Medium RiskElevation of Privilege 
Microsoft DynamicsMedium Risk Medium RiskRemote Code Execution 
Open Source SoftwareMedium Risk Medium RiskElevation of Privilege
Data Manipulation
 

 

Number of 'Extremely High Risk' product(s): 0

Number of 'High Risk' product(s): 1

Number of 'Medium Risk' product(s): 12

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': High Risk


Impact

  • Remote Code Execution
  • Denial of Service
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure
  • Data Manipulation
  • Spoofing

System / Technologies affected

  • Apps
  • Windows
  • Extended Security Updates (ESU)
  • SQL Server
  • Azure
  • Server Software
  • Developer Tools
  • Other
  • System Center
  • Microsoft Office
  • Device
  • Microsoft Dynamics
  • Open Source Software

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  •  Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link

Mozilla 產品多個漏洞

Mozilla 產品多個漏洞 發佈日期: 2026年07月15日 風險: 高度風險 類型: 用戶端 - 瀏覽器 於 Mozilla 產品發現多個...