csaf_opensuse - opensuse-su-2025:15387-1

opensuse-su-2025:15387-1

Vulnerability from csaf_opensuse

Published

2025-07-26 00:00

Modified

2025-07-26 00:00

Summary

libmozjs-128-0-128.13.0-1.1 on GA media

Notes

Title of the patch

libmozjs-128-0-128.13.0-1.1 on GA media

Description of the patch

These are all security issues fixed in the libmozjs-128-0-128.13.0-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2025-15387

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libmozjs-128-0-128.13.0-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libmozjs-128-0-128.13.0-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15387",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15387-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8027 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8027/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8028 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8028/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8029 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8029/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8030 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8030/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8031 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8031/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8032 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8032/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8033 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8033/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8034 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8034/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-8035 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-8035/"
      }
    ],
    "title": "libmozjs-128-0-128.13.0-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-07-26T00:00:00Z",
      "generator": {
        "date": "2025-07-26T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15387-1",
      "initial_release_date": "2025-07-26T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-07-26T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libmozjs-128-0-128.13.0-1.1.aarch64",
                "product": {
                  "name": "libmozjs-128-0-128.13.0-1.1.aarch64",
                  "product_id": "libmozjs-128-0-128.13.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mozjs128-128.13.0-1.1.aarch64",
                "product": {
                  "name": "mozjs128-128.13.0-1.1.aarch64",
                  "product_id": "mozjs128-128.13.0-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "mozjs128-devel-128.13.0-1.1.aarch64",
                "product": {
                  "name": "mozjs128-devel-128.13.0-1.1.aarch64",
                  "product_id": "mozjs128-devel-128.13.0-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libmozjs-128-0-128.13.0-1.1.ppc64le",
                "product": {
                  "name": "libmozjs-128-0-128.13.0-1.1.ppc64le",
                  "product_id": "libmozjs-128-0-128.13.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "mozjs128-128.13.0-1.1.ppc64le",
                "product": {
                  "name": "mozjs128-128.13.0-1.1.ppc64le",
                  "product_id": "mozjs128-128.13.0-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "mozjs128-devel-128.13.0-1.1.ppc64le",
                "product": {
                  "name": "mozjs128-devel-128.13.0-1.1.ppc64le",
                  "product_id": "mozjs128-devel-128.13.0-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libmozjs-128-0-128.13.0-1.1.s390x",
                "product": {
                  "name": "libmozjs-128-0-128.13.0-1.1.s390x",
                  "product_id": "libmozjs-128-0-128.13.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mozjs128-128.13.0-1.1.s390x",
                "product": {
                  "name": "mozjs128-128.13.0-1.1.s390x",
                  "product_id": "mozjs128-128.13.0-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "mozjs128-devel-128.13.0-1.1.s390x",
                "product": {
                  "name": "mozjs128-devel-128.13.0-1.1.s390x",
                  "product_id": "mozjs128-devel-128.13.0-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libmozjs-128-0-128.13.0-1.1.x86_64",
                "product": {
                  "name": "libmozjs-128-0-128.13.0-1.1.x86_64",
                  "product_id": "libmozjs-128-0-128.13.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mozjs128-128.13.0-1.1.x86_64",
                "product": {
                  "name": "mozjs128-128.13.0-1.1.x86_64",
                  "product_id": "mozjs128-128.13.0-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "mozjs128-devel-128.13.0-1.1.x86_64",
                "product": {
                  "name": "mozjs128-devel-128.13.0-1.1.x86_64",
                  "product_id": "mozjs128-devel-128.13.0-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libmozjs-128-0-128.13.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64"
        },
        "product_reference": "libmozjs-128-0-128.13.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libmozjs-128-0-128.13.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le"
        },
        "product_reference": "libmozjs-128-0-128.13.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libmozjs-128-0-128.13.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x"
        },
        "product_reference": "libmozjs-128-0-128.13.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libmozjs-128-0-128.13.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64"
        },
        "product_reference": "libmozjs-128-0-128.13.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mozjs128-128.13.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64"
        },
        "product_reference": "mozjs128-128.13.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mozjs128-128.13.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le"
        },
        "product_reference": "mozjs128-128.13.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mozjs128-128.13.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x"
        },
        "product_reference": "mozjs128-128.13.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mozjs128-128.13.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64"
        },
        "product_reference": "mozjs128-128.13.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mozjs128-devel-128.13.0-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64"
        },
        "product_reference": "mozjs128-devel-128.13.0-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mozjs128-devel-128.13.0-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le"
        },
        "product_reference": "mozjs128-devel-128.13.0-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mozjs128-devel-128.13.0-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x"
        },
        "product_reference": "mozjs128-devel-128.13.0-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mozjs128-devel-128.13.0-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
        },
        "product_reference": "mozjs128-devel-128.13.0-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-8027",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8027"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8027",
          "url": "https://www.suse.com/security/cve/CVE-2025-8027"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246664 for CVE-2025-8027",
          "url": "https://bugzilla.suse.com/1246664"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-26T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-8027"
    },
    {
      "cve": "CVE-2025-8028",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8028"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8028",
          "url": "https://www.suse.com/security/cve/CVE-2025-8028"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246664 for CVE-2025-8028",
          "url": "https://bugzilla.suse.com/1246664"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-26T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-8028"
    },
    {
      "cve": "CVE-2025-8029",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8029"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Firefox executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8029",
          "url": "https://www.suse.com/security/cve/CVE-2025-8029"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246664 for CVE-2025-8029",
          "url": "https://bugzilla.suse.com/1246664"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-26T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-8029"
    },
    {
      "cve": "CVE-2025-8030",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8030"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Insufficient escaping in the \"Copy as cURL\" feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8030",
          "url": "https://www.suse.com/security/cve/CVE-2025-8030"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246664 for CVE-2025-8030",
          "url": "https://bugzilla.suse.com/1246664"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-26T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-8030"
    },
    {
      "cve": "CVE-2025-8031",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8031"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8031",
          "url": "https://www.suse.com/security/cve/CVE-2025-8031"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246664 for CVE-2025-8031",
          "url": "https://bugzilla.suse.com/1246664"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-26T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-8031"
    },
    {
      "cve": "CVE-2025-8032",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8032"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8032",
          "url": "https://www.suse.com/security/cve/CVE-2025-8032"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246664 for CVE-2025-8032",
          "url": "https://bugzilla.suse.com/1246664"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-26T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-8032"
    },
    {
      "cve": "CVE-2025-8033",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8033"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8033",
          "url": "https://www.suse.com/security/cve/CVE-2025-8033"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246664 for CVE-2025-8033",
          "url": "https://bugzilla.suse.com/1246664"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-26T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-8033"
    },
    {
      "cve": "CVE-2025-8034",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8034"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8034",
          "url": "https://www.suse.com/security/cve/CVE-2025-8034"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246664 for CVE-2025-8034",
          "url": "https://bugzilla.suse.com/1246664"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-26T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-8034"
    },
    {
      "cve": "CVE-2025-8035",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-8035"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
          "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-8035",
          "url": "https://www.suse.com/security/cve/CVE-2025-8035"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1246664 for CVE-2025-8035",
          "url": "https://bugzilla.suse.com/1246664"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:libmozjs-128-0-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-128.13.0-1.1.x86_64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.aarch64",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.ppc64le",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.s390x",
            "openSUSE Tumbleweed:mozjs128-devel-128.13.0-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-07-26T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-8035"
    }
  ]
}

CVE-2025-8030 (GCVE-0-2025-8030)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-24 03:55

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

Potential user-assisted code execution in “Copy as cURL” command

Summary

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1968414
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8030",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T03:55:28.704Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ameen Basha M K"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient escaping in the \u201cCopy as cURL\u201d feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "Insufficient escaping in the \u201cCopy as cURL\u201d feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Potential user-assisted code execution in \u201cCopy as cURL\u201d command",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:25.931Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968414"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8030",
    "datePublished": "2025-07-22T20:49:25.931Z",
    "dateReserved": "2025-07-22T10:13:53.205Z",
    "dateUpdated": "2025-07-24T03:55:28.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8034 (GCVE-0-2025-8034)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-31 14:07

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141

Summary

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1970422
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-57/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 115.26
Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8034",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T03:55:30.954852Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-31T14:07:04.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "the Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-30T16:52:06.877Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141",
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970422"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8034",
    "datePublished": "2025-07-22T20:49:27.749Z",
    "dateReserved": "2025-07-22T10:14:01.438Z",
    "dateUpdated": "2025-07-31T14:07:04.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8028 (GCVE-0-2025-8028)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-23 14:32

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Large branch table could lead to truncated instruction

Summary

On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1971581
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-57/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 115.26
Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8028",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T14:32:07.056857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1332",
                "description": "CWE-1332 Improper Handling of Faults that Lead to Instruction Skips",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T14:32:58.701Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Gary Kwong"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "On arm64, a WASM \u003ccode\u003ebr_table\u003c/code\u003e instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Large branch table could lead to truncated instruction",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:24.592Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971581"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8028",
    "datePublished": "2025-07-22T20:49:24.592Z",
    "dateReserved": "2025-07-22T10:13:49.236Z",
    "dateUpdated": "2025-07-23T14:32:58.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8033 (GCVE-0-2025-8033)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-23 13:39

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

Incorrect JavaScript state machine for generators

Summary

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1973990
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-57/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 115.26
Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8033",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T13:36:06.360574Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T13:39:08.305Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Shaheen Fazim"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect JavaScript state machine for generators",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:27.477Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1973990"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8033",
    "datePublished": "2025-07-22T20:49:27.477Z",
    "dateReserved": "2025-07-22T10:13:59.291Z",
    "dateUpdated": "2025-07-23T13:39:08.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8031 (GCVE-0-2025-8031)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-23 14:00

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Incorrect URL stripping in CSP reports

Summary

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1971719
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8031",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T13:56:53.422028Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-276",
                "description": "CWE-276 Incorrect Default Permissions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T14:00:29.698Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tom Schuster"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The \u003ccode\u003eusername:password\u003c/code\u003e part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect URL stripping in CSP reports",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:26.243Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971719"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8031",
    "datePublished": "2025-07-22T20:49:26.243Z",
    "dateReserved": "2025-07-22T10:13:55.392Z",
    "dateUpdated": "2025-07-23T14:00:29.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8029 (GCVE-0-2025-8029)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-31 15:58

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

javascript: URLs executed on object and embed tags

Summary

Firefox executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1928021
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8029",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T14:29:37.560314Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-80",
                "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-31T15:58:06.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mirko Brodesser"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Firefox executed \u003ccode\u003ejavascript:\u003c/code\u003e URLs when used in \u003ccode\u003eobject\u003c/code\u003e and \u003ccode\u003eembed\u003c/code\u003e tags. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "Firefox executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "javascript: URLs executed on object and embed tags",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-30T16:21:52.107Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1928021"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8029",
    "datePublished": "2025-07-22T20:49:24.898Z",
    "dateReserved": "2025-07-22T10:13:51.239Z",
    "dateUpdated": "2025-07-31T15:58:06.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8032 (GCVE-0-2025-8032)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-23 13:56

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

XSLT documents could bypass CSP

Summary

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1974407
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8032",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T13:55:17.746727Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T13:56:15.096Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Joe Turki"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XSLT documents could bypass CSP",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:26.507Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1974407"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8032",
    "datePublished": "2025-07-22T20:49:26.507Z",
    "dateReserved": "2025-07-22T10:13:57.272Z",
    "dateUpdated": "2025-07-23T13:56:15.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8027 (GCVE-0-2025-8027)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-23 13:46

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

JavaScript engine only wrote partial return value to stack

Summary

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1968423
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-57/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 115.26
Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8027",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T13:42:23.408460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-457",
                "description": "CWE-457 Use of Uninitialized Variable",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T13:46:28.122Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Nan Wang"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "JavaScript engine only wrote partial return value to stack",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:24.039Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968423"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8027",
    "datePublished": "2025-07-22T20:49:24.039Z",
    "dateReserved": "2025-07-22T10:13:47.266Z",
    "dateUpdated": "2025-07-23T13:46:28.122Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8035 (GCVE-0-2025-8035)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-30 16:52

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141

Summary

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1975961
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Mozilla

Firefox

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8035",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T03:55:32.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "the Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-30T16:52:08.908Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141",
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975961"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8035",
    "datePublished": "2025-07-22T20:49:28.660Z",
    "dateReserved": "2025-07-22T10:14:02.025Z",
    "dateUpdated": "2025-07-30T16:52:08.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2025:15387-1

Vulnerability from csaf_opensuse

CVE-2025-8030 (GCVE-0-2025-8030)

Vulnerability from cvelistv5

CVE-2025-8034 (GCVE-0-2025-8034)

Vulnerability from cvelistv5

CVE-2025-8028 (GCVE-0-2025-8028)

Vulnerability from cvelistv5

CVE-2025-8033 (GCVE-0-2025-8033)

Vulnerability from cvelistv5

CVE-2025-8031 (GCVE-0-2025-8031)

Vulnerability from cvelistv5

CVE-2025-8029 (GCVE-0-2025-8029)

Vulnerability from cvelistv5

CVE-2025-8032 (GCVE-0-2025-8032)

Vulnerability from cvelistv5

CVE-2025-8027 (GCVE-0-2025-8027)

Vulnerability from cvelistv5

CVE-2025-8035 (GCVE-0-2025-8035)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature