Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0615
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox versions antérieures à 141 pour iOS | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 128.13 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.1 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.1 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 128.13 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.26 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 141 | ||
| Mozilla | Firefox | Firefox versions antérieures à 141 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 141 pour iOS",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 128.13",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.1",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.13",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.26",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 141",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 141",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8027"
},
{
"name": "CVE-2025-8037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8037"
},
{
"name": "CVE-2025-54144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54144"
},
{
"name": "CVE-2025-8034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8034"
},
{
"name": "CVE-2025-54145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54145"
},
{
"name": "CVE-2025-8044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8044"
},
{
"name": "CVE-2025-8041",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8041"
},
{
"name": "CVE-2025-8039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8039"
},
{
"name": "CVE-2025-54143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54143"
},
{
"name": "CVE-2025-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8035"
},
{
"name": "CVE-2025-8043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8043"
},
{
"name": "CVE-2025-8036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8036"
},
{
"name": "CVE-2025-8032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8032"
},
{
"name": "CVE-2025-8040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8040"
},
{
"name": "CVE-2025-8029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8029"
},
{
"name": "CVE-2025-8038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8038"
},
{
"name": "CVE-2025-8028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8028"
},
{
"name": "CVE-2025-8033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8033"
},
{
"name": "CVE-2025-8030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8030"
},
{
"name": "CVE-2025-8031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8031"
},
{
"name": "CVE-2025-8042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8042"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0615",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-56",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-57",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-57/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-63",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-61",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-59",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-60",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-60/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-62",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-58",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/"
}
]
}
CVE-2025-54143 (GCVE-0-2025-54143)
Vulnerability from cvelistv5 – Published: 2025-08-19 20:52 – Updated: 2026-04-13 14:30
VLAI
EPSS
Title
Sandboxed iframes could allow local downloads despite sandbox restrictions
Summary
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141.
Severity
9.8 (Critical)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox for iOS |
Unaffected:
141 , ≤ *
(rpm)
|
Credits
Narendra Bhati
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T14:02:56.087696Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:17:47.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Narendra Bhati"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141."
}
],
"value": "Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability was fixed in Firefox for iOS 141."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:30:52.883Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1912671"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-60/"
}
],
"title": "Sandboxed iframes could allow local downloads despite sandbox restrictions"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-54143",
"datePublished": "2025-08-19T20:52:47.450Z",
"dateReserved": "2025-07-17T02:35:52.284Z",
"dateUpdated": "2026-04-13T14:30:52.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54144 (GCVE-0-2025-54144)
Vulnerability from cvelistv5 – Published: 2025-08-19 20:52 – Updated: 2026-04-13 14:30
VLAI
EPSS
Title
Internal Firefox open-text URL scheme allowed loading of arbitrary URLs
Summary
The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141.
Severity
5.4 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox for iOS |
Unaffected:
141 , ≤ *
(rpm)
|
Credits
James Lee
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T14:02:41.412213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:17:40.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141."
}
],
"value": "The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:30:54.598Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1946062"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-60/"
}
],
"title": "Internal Firefox open-text URL scheme allowed loading of arbitrary URLs"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-54144",
"datePublished": "2025-08-19T20:52:47.918Z",
"dateReserved": "2025-07-17T02:35:52.285Z",
"dateUpdated": "2026-04-13T14:30:54.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54145 (GCVE-0-2025-54145)
Vulnerability from cvelistv5 – Published: 2025-08-19 20:52 – Updated: 2026-04-13 14:30
VLAI
EPSS
Title
Scanning a malicious URL utilizing Firefox's open-text scheme with the QR code scanner could load arbitrary websites
Summary
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability was fixed in Firefox for iOS 141.
Severity
9.1 (Critical)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox for iOS |
Unaffected:
141 , ≤ *
(rpm)
|
Credits
James Lee
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T14:02:26.579206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T15:17:33.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Lee"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox\u0027s open-text URL scheme. This vulnerability was fixed in Firefox for iOS 141."
}
],
"value": "The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox\u0027s open-text URL scheme. This vulnerability was fixed in Firefox for iOS 141."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:30:56.826Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1946122"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-60/"
}
],
"title": "Scanning a malicious URL utilizing Firefox\u0027s open-text scheme with the QR code scanner could load arbitrary websites"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-54145",
"datePublished": "2025-08-19T20:52:48.366Z",
"dateReserved": "2025-07-17T02:35:52.285Z",
"dateUpdated": "2026-04-13T14:30:56.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8027 (GCVE-0-2025-8027)
Vulnerability from cvelistv5 – Published: 2025-07-22 20:49 – Updated: 2026-04-13 14:26
VLAI
EPSS
Title
JavaScript engine only wrote partial return value to stack
Summary
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
Severity
6.5 (Medium)
CWE
- CWE-457 - Use of Uninitialized Variable
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.26 , ≤ 115.*
(rpm)
Unaffected: 128.13 , ≤ 128.* (rpm) Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
128.13 , ≤ 128.*
(rpm)
Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
Credits
Nan Wang
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-8027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T13:42:23.408460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-457",
"description": "CWE-457 Use of Uninitialized Variable",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T13:46:28.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:07:44.121Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.26",
"versionType": "rpm"
},
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nan Wang"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"value": "On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:46.624Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968423"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
}
],
"title": "JavaScript engine only wrote partial return value to stack"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-8027",
"datePublished": "2025-07-22T20:49:24.039Z",
"dateReserved": "2025-07-22T10:13:47.266Z",
"dateUpdated": "2026-04-13T14:26:46.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8028 (GCVE-0-2025-8028)
Vulnerability from cvelistv5 – Published: 2025-07-22 20:49 – Updated: 2026-04-13 14:26
VLAI
EPSS
Title
Large branch table could lead to truncated instruction
Summary
On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
Severity
9.8 (Critical)
CWE
- CWE-1332 - Improper Handling of Faults that Lead to Instruction Skips
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.26 , ≤ 115.*
(rpm)
Unaffected: 128.13 , ≤ 128.* (rpm) Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
128.13 , ≤ 128.*
(rpm)
Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
Credits
Gary Kwong
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-8028",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T14:32:07.056857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1332",
"description": "CWE-1332 Improper Handling of Faults that Lead to Instruction Skips",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T15:58:24.124Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:07:45.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.26",
"versionType": "rpm"
},
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Gary Kwong"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "On arm64, a WASM \u003ccode\u003ebr_table\u003c/code\u003e instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"value": "On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:48.394Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971581"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
}
],
"title": "Large branch table could lead to truncated instruction"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-8028",
"datePublished": "2025-07-22T20:49:24.592Z",
"dateReserved": "2025-07-22T10:13:49.236Z",
"dateUpdated": "2026-04-13T14:26:48.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8029 (GCVE-0-2025-8029)
Vulnerability from cvelistv5 – Published: 2025-07-22 20:49 – Updated: 2026-04-13 14:26
VLAI
EPSS
Title
javascript: URLs executed on object and embed tags
Summary
Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
Severity
8.1 (High)
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
128.13 , ≤ 128.*
(rpm)
Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
128.13 , ≤ 128.*
(rpm)
Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
Credits
Mirko Brodesser
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-8029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T14:29:37.560314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T15:57:41.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:07:46.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mirko Brodesser"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Thunderbird executed \u003ccode\u003ejavascript:\u003c/code\u003e URLs when used in \u003ccode\u003eobject\u003c/code\u003e and \u003ccode\u003eembed\u003c/code\u003e tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"value": "Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:50.157Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1928021"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
}
],
"title": "javascript: URLs executed on object and embed tags"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-8029",
"datePublished": "2025-07-22T20:49:24.898Z",
"dateReserved": "2025-07-22T10:13:51.239Z",
"dateUpdated": "2026-04-13T14:26:50.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8030 (GCVE-0-2025-8030)
Vulnerability from cvelistv5 – Published: 2025-07-22 20:49 – Updated: 2026-04-13 14:26
VLAI
EPSS
Title
Potential user-assisted code execution in “Copy as cURL” command
Summary
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
Severity
8.1 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
128.13 , ≤ 128.*
(rpm)
Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
128.13 , ≤ 128.*
(rpm)
Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
Credits
Ameen Basha M K
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-8030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T03:55:29.670565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:24.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:07:48.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ameen Basha M K"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient escaping in the \u201cCopy as cURL\u201d feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"value": "Insufficient escaping in the \u201cCopy as cURL\u201d feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:55.584Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968414"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
}
],
"title": "Potential user-assisted code execution in \u201cCopy as cURL\u201d command"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-8030",
"datePublished": "2025-07-22T20:49:25.931Z",
"dateReserved": "2025-07-22T10:13:53.205Z",
"dateUpdated": "2026-04-13T14:26:55.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8031 (GCVE-0-2025-8031)
Vulnerability from cvelistv5 – Published: 2025-07-22 20:49 – Updated: 2026-04-13 14:26
VLAI
EPSS
Title
Incorrect URL stripping in CSP reports
Summary
The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
Severity
9.8 (Critical)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
128.13 , ≤ 128.*
(rpm)
Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
128.13 , ≤ 128.*
(rpm)
Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
Credits
Tom Schuster
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-8031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T13:56:53.422028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T15:54:01.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:07:49.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Tom Schuster"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The \u003ccode\u003eusername:password\u003c/code\u003e part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"value": "The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:57.626Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971719"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
}
],
"title": "Incorrect URL stripping in CSP reports"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-8031",
"datePublished": "2025-07-22T20:49:26.243Z",
"dateReserved": "2025-07-22T10:13:55.392Z",
"dateUpdated": "2026-04-13T14:26:57.626Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8032 (GCVE-0-2025-8032)
Vulnerability from cvelistv5 – Published: 2025-07-22 20:49 – Updated: 2026-04-13 14:26
VLAI
EPSS
Title
XSLT documents could bypass CSP
Summary
XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
Severity
8.1 (High)
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
7 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
128.13 , ≤ 128.*
(rpm)
Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
128.13 , ≤ 128.*
(rpm)
Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
Credits
Joe Turki
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-8032",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T13:55:17.746727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T15:53:28.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:07:51.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Joe Turki"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"value": "XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:26:59.396Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1974407"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
}
],
"title": "XSLT documents could bypass CSP"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-8032",
"datePublished": "2025-07-22T20:49:26.507Z",
"dateReserved": "2025-07-22T10:13:57.272Z",
"dateUpdated": "2026-04-13T14:26:59.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8033 (GCVE-0-2025-8033)
Vulnerability from cvelistv5 – Published: 2025-07-22 20:49 – Updated: 2026-04-13 14:27
VLAI
EPSS
Title
Incorrect JavaScript state machine for generators
Summary
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
Severity
6.5 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Unaffected:
115.26 , ≤ 115.*
(rpm)
Unaffected: 128.13 , ≤ 128.* (rpm) Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
|
| Mozilla | Thunderbird |
Unaffected:
128.13 , ≤ 128.*
(rpm)
Unaffected: 140.1 , ≤ 140.* (rpm) Unaffected: 141 , ≤ * (rpm) |
Credits
Shaheen Fazim
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-8033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-23T13:36:06.360574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T15:51:29.775Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:07:52.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.26",
"versionType": "rpm"
},
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "128.*",
"status": "unaffected",
"version": "128.13",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.1",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "141",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Shaheen Fazim"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"value": "The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:27:06.664Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1973990"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-57/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
}
],
"title": "Incorrect JavaScript state machine for generators"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-8033",
"datePublished": "2025-07-22T20:49:27.477Z",
"dateReserved": "2025-07-22T10:13:59.291Z",
"dateUpdated": "2026-04-13T14:27:06.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…