Search CVE reports

61 – 70 of 2820 results

Detailed view

Sort by:

CVE-2025-4082

Medium priority

Not affected

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—

CVE-2025-3608

Medium priority

Needs evaluation

A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3035

Medium priority

Needs evaluation

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3034

Medium priority

Needs evaluation

Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3033

Medium priority

Not affected

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—

CVE-2025-3032

Medium priority

Needs evaluation

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3031

Medium priority

Needs evaluation

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3030

Medium priority

Some fixes available 1 of 12

Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3029

Medium priority

Some fixes available 1 of 12

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3028

Medium priority

Some fixes available 1 of 12

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.

9 affected packages

mozjs78, firefox, thunderbird, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs78	Not in release	Ignored	Not in release	—
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Needs evaluation	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

Export to JSON

Results by page: