CERTFR-2025-AVI-0797
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in Mozilla products. Some of them allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality, and a security policy bypass.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions prior to 140.3 |
| Mozilla | Firefox Focus | Focus for iOS versions prior to 143.0 |
| Mozilla | Firefox ESR | Firefox ESR versions prior to 140.3 |
| Mozilla | Firefox | Firefox versions prior to 143 |
| Mozilla | Firefox ESR | Firefox ESR versions prior to 115.28 |
| Mozilla | Thunderbird | Thunderbird versions prior to 143 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.3",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Focus pour iOS versions ant\u00e9rieures \u00e0 143.0",
"product": {
"name": "Firefox Focus",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.3",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 143",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.28",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 143",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-10535",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10535"
},
{
"name": "CVE-2025-10533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10533"
},
{
"name": "CVE-2025-10530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10530"
},
{
"name": "CVE-2025-10527",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10527"
},
{
"name": "CVE-2025-10537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10537"
},
{
"name": "CVE-2025-10532",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10532"
},
{
"name": "CVE-2025-10290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10290"
},
{
"name": "CVE-2025-10529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10529"
},
{
"name": "CVE-2025-10528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10528"
},
{
"name": "CVE-2025-10534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10534"
},
{
"name": "CVE-2025-10536",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10536"
},
{
"name": "CVE-2025-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10531"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0797",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-73",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-74",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-74/"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-78",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-77",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77/"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-75",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-76",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-76/"
}
]
}
CVE-2025-10532 (GCVE-0-2025-10532)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2026-04-13 14:28
Title
Incorrect boundary conditions in the JavaScript: GC component
Summary
Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
Severity
6.5 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Mozilla | Firefox | Unaffected: 140.3, ≤ 140.* (rpm); Unaffected: 143, ≤ * (rpm) |
Credits
Gary Kwong
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10532",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T17:10:59.315985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T17:11:04.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:33.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Gary Kwong"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"value": "Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:28:17.996Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979502"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
}
],
"title": "Incorrect boundary conditions in the JavaScript: GC component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10532",
"datePublished": "2025-09-16T12:26:36.188Z",
"dateReserved": "2025-09-16T06:48:42.913Z",
"dateUpdated": "2026-04-13T14:28:17.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10537 (GCVE-0-2025-10537)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2026-04-13 14:28
Title
Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143
Summary
Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
Severity
8.8 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Mozilla | Firefox | Unaffected: 140.3, ≤ 140.* (rpm); Unaffected: 143, ≤ * (rpm) |
Credits
Andrew McCreight and the Mozilla Fuzzing Team
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T03:55:49.986935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:30.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:38.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andrew McCreight and the Mozilla Fuzzing Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"value": "Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:28:25.818Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
}
],
"title": "Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10537",
"datePublished": "2025-09-16T12:26:37.029Z",
"dateReserved": "2025-09-16T06:48:52.559Z",
"dateUpdated": "2026-04-13T14:28:25.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10533 (GCVE-0-2025-10533)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2026-04-13 14:28
Title
Integer overflow in the SVG component
Summary
Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
Severity
8.8 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Mozilla | Firefox | Unaffected: 115.28, ≤ 115.* (rpm); Unaffected: 140.3, ≤ 140.* (rpm); Unaffected: 143, ≤ * (rpm) |
Credits
Andrew Creskey
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T13:44:57.212905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T13:45:01.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:34.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "115.*",
"status": "unaffected",
"version": "115.28",
"versionType": "rpm"
},
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andrew Creskey"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"value": "Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:28:19.829Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1980788"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-74/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
}
],
"title": "Integer overflow in the SVG component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10533",
"datePublished": "2025-09-16T12:26:34.655Z",
"dateReserved": "2025-09-16T06:48:44.680Z",
"dateUpdated": "2026-04-13T14:28:19.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10534 (GCVE-0-2025-10534)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2026-04-13 14:28
Title
Spoofing issue in the Site Permissions component
Summary
Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
Severity
8.1 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Mozilla | Firefox | Unaffected: 143, ≤ * (rpm) |
Credits
Emma Zühlcke
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10534",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T13:59:12.723101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T15:50:01.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Emma Z\u00fchlcke"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143."
}
],
"value": "Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:28:21.557Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1665334"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
}
],
"title": "Spoofing issue in the Site Permissions component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10534",
"datePublished": "2025-09-16T12:26:38.630Z",
"dateReserved": "2025-09-16T06:48:46.636Z",
"dateUpdated": "2026-04-13T14:28:21.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10535 (GCVE-0-2025-10535)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2026-04-13 14:30
Title
Information disclosure, mitigation bypass in the Privacy component in Firefox for Android
Summary
Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability was fixed in Firefox 143.
Severity
7.5 (High)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Credits
Rebeca Tudor
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T14:02:21.292689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-04T15:49:28.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rebeca Tudor"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability was fixed in Firefox 143."
}
],
"value": "Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability was fixed in Firefox 143."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:30:35.055Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979918"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
}
],
"title": "Information disclosure, mitigation bypass in the Privacy component in Firefox for Android"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10535",
"datePublished": "2025-09-16T12:26:38.955Z",
"dateReserved": "2025-09-16T06:48:48.904Z",
"dateUpdated": "2026-04-13T14:30:35.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10529 (GCVE-0-2025-10529)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2026-04-13 14:28
Title
Same-origin policy bypass in the Layout component
Summary
Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
Severity
6.5 (Medium)
CWE
- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Mozilla | Firefox | Unaffected: 140.3, ≤ 140.* (rpm); Unaffected: 143, ≤ * (rpm) |
Credits
Daniel Holbert
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10529",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T17:44:09.772488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T17:44:13.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:31.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Holbert"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"value": "Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:28:12.191Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970490"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
}
],
"title": "Same-origin policy bypass in the Layout component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10529",
"datePublished": "2025-09-16T12:26:35.822Z",
"dateReserved": "2025-09-16T06:48:38.059Z",
"dateUpdated": "2026-04-13T14:28:12.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10531 (GCVE-0-2025-10531)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2026-04-13 14:28
Title
Mitigation bypass in the Web Compatibility: Tooling component
Summary
Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
Severity
5.4 (Medium)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Mozilla | Firefox | Unaffected: 143, ≤ * (rpm) |
Credits
Nikolaos Mourousias
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T14:55:19.058842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T14:55:23.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nikolaos Mourousias"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143."
}
],
"value": "Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability was fixed in Firefox 143 and Thunderbird 143."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:28:16.327Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1978453"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
}
],
"title": "Mitigation bypass in the Web Compatibility: Tooling component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10531",
"datePublished": "2025-09-16T12:26:38.264Z",
"dateReserved": "2025-09-16T06:48:41.514Z",
"dateUpdated": "2026-04-13T14:28:16.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10530 (GCVE-0-2025-10530)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2026-04-13 14:28
Title
Spoofing issue in the WebAuthn component in Firefox for Android
Summary
Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143.
Severity
6.5 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Mozilla | Firefox | Unaffected: 143 , ≤ * (rpm) |
Credits
Hafiizh & Kang Ali
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10530",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T17:07:11.137176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T17:07:19.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hafiizh \u0026 Kang Ali"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143."
}
],
"value": "Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability was fixed in Firefox 143 and Thunderbird 143."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:28:14.537Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1974025"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
}
],
"title": "Spoofing issue in the WebAuthn component in Firefox for Android"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10530",
"datePublished": "2025-09-16T12:26:37.795Z",
"dateReserved": "2025-09-16T06:48:39.895Z",
"dateUpdated": "2026-04-13T14:28:14.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10290 (GCVE-0-2025-10290)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2026-04-13 14:29
Title
Opening links via the contextual menu in Focus for iOS would not update the toolbar UI correctly, allowing attackers to spoof websites
Summary
Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press. This vulnerability was fixed in Focus for iOS 143.0.
Severity
6.5 (Medium)
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Mozilla | Focus for iOS | Unaffected: 143.0 , ≤ * (rpm) |
Credits
Renwa
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10290",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T17:30:14.447776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T18:26:56.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Focus for iOS",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143.0",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Renwa"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press. This vulnerability was fixed in Focus for iOS 143.0."
}
],
"value": "Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press. This vulnerability was fixed in Focus for iOS 143.0."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:29:50.967Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975566"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-76/"
}
],
"title": "Opening links via the contextual menu in Focus for iOS would not update the toolbar UI correctly, allowing attackers to spoof websites"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10290",
"datePublished": "2025-09-16T12:26:39.308Z",
"dateReserved": "2025-09-11T17:59:15.574Z",
"dateUpdated": "2026-04-13T14:29:50.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10527 (GCVE-0-2025-10527)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2026-04-13 14:28
Title
Sandbox escape due to use-after-free in the Graphics: Canvas2D component
Summary
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
Severity
7.1 (High)
CWE
- CWE-416 - Use After Free
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Mozilla | Firefox | Unaffected: 140.3 , ≤ 140.* (rpm); Unaffected: 143 , ≤ * (rpm) |
Credits
Oskar L
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T13:30:33.580712Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T13:31:16.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:27.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Oskar L"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"value": "Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:28:08.186Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1984825"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
}
],
"title": "Sandbox escape due to use-after-free in the Graphics: Canvas2D component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10527",
"datePublished": "2025-09-16T12:26:35.079Z",
"dateReserved": "2025-09-16T06:48:33.808Z",
"dateUpdated": "2026-04-13T14:28:08.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10528 (GCVE-0-2025-10528)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2026-04-13 14:28
Title
Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
Summary
Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
Severity
7.3 (High)
CWE
- CWE-693 - Protection Mechanism Failure
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Mozilla | Firefox | Unaffected: 140.3 , ≤ 140.* (rpm); Unaffected: 143 , ≤ * (rpm) |
Credits
Oskar L
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10528",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T18:02:06.261366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693 Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T18:49:09.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:29.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Oskar L"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"value": "Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:28:09.906Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1986185"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
}
],
"title": "Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10528",
"datePublished": "2025-09-16T12:26:35.394Z",
"dateReserved": "2025-09-16T06:48:35.863Z",
"dateUpdated": "2026-04-13T14:28:09.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10536 (GCVE-0-2025-10536)
Vulnerability from cvelistv5 – Published: 2025-09-16 12:26 – Updated: 2026-04-13 14:28
Title
Information disclosure in the Networking: Cache component
Summary
Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
Severity
6.2 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Mozilla | Firefox | Unaffected: 140.3 , ≤ 140.* (rpm); Unaffected: 143 , ≤ * (rpm) |
Credits
Ibuki Sato
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-10536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-22T17:33:10.783126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T17:34:03.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:36.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00026.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThanOrEqual": "140.*",
"status": "unaffected",
"version": "140.3",
"versionType": "rpm"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "143",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ibuki Sato"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"value": "Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T14:28:24.046Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1981502"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-73/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-75/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-77/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-78/"
}
],
"title": "Information disclosure in the Networking: Cache component"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-10536",
"datePublished": "2025-09-16T12:26:36.546Z",
"dateReserved": "2025-09-16T06:48:50.429Z",
"dateUpdated": "2026-04-13T14:28:24.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.