Search CVE reports

41 – 50 of 2791 results

Detailed view

Sort by:

CVE-2025-2817

Medium priority

Not affected

Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an attacker could...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—

CVE-2025-3608

Medium priority

Needs evaluation

A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—

CVE-2025-3035

Medium priority

Needs evaluation

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—

CVE-2025-3034

Medium priority

Vulnerable

Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
thunderbird	Not affected	Vulnerable	Not in release	—

CVE-2025-3033

Medium priority

Not affected

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—

CVE-2025-3032

Medium priority

Vulnerable

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
thunderbird	Not affected	Vulnerable	Not in release	—

CVE-2025-3031

Medium priority

Vulnerable

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
thunderbird	Not affected	Vulnerable	Not in release	—

CVE-2025-3030

Medium priority

Vulnerable

Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
thunderbird	Not affected	Vulnerable	Not in release	—

CVE-2025-3029

Medium priority

Vulnerable

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and...

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
thunderbird	Not affected	Vulnerable	Not in release	—

CVE-2025-3028

Medium priority

Vulnerable

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.

9 affected packages

firefox, mozjs102, mozjs115, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
thunderbird	Not affected	Vulnerable	Not in release	—

Export to JSON

Results by page: