csaf_certbund - wid-sec-w-2025-1623

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Firefox ist ein Open Source Web Browser.\r\nESR ist die Variante mit verl\u00e4ngertem Support.\r\nThunderbird ist ein Open Source E-Mail Client.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Mozilla Thunderbird ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und andere, nicht n\u00e4her definierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1623 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1623.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1623 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1623"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory MFSA 2025-56 vom 2025-07-22",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory MFSA 2025-57 vom 2025-07-22",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-57/"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory MFSA 2025-58 vom 2025-07-22",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory MFSA 2025-59 vom 2025-07-22",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59/"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory MFSA 2025-60 vom 2025-07-22",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-60/"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory MFSA 2025-61 vom 2025-07-22",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61/"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory MFSA 2025-62 vom 2025-07-22",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory MFSA 2025-63 vom 2025-07-22",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5964 vom 2025-07-24",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00128.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4250 vom 2025-07-24",
        "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00013.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-FD004806E3 vom 2025-07-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-fd004806e3"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-A9D97CE15F vom 2025-07-24",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-a9d97ce15f"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-11748 vom 2025-07-25",
        "url": "https://linux.oracle.com/errata/ELSA-2025-11748.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-11747 vom 2025-07-25",
        "url": "https://linux.oracle.com/errata/ELSA-2025-11747.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:11748 vom 2025-07-24",
        "url": "https://access.redhat.com/errata/RHSA-2025:11748"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:11747 vom 2025-07-24",
        "url": "https://access.redhat.com/errata/RHSA-2025:11747"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4253 vom 2025-07-27",
        "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00016.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15386-1 vom 2025-07-27",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DA7ZGUOLVQXQMWSWUESWPUYAFMZZ2U7J/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15383-1 vom 2025-07-26",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GNWQV6MY2WERSSM6ZSWO2N3POFDWCA25/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:11797 vom 2025-07-28",
        "url": "https://access.redhat.com/errata/RHSA-2025:11797"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15371-1 vom 2025-07-25",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NWKNKZE6DS7APQ2PDTSAYNYQVHGVVICE/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02529-1 vom 2025-07-25",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021975.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5966 vom 2025-07-27",
        "url": "https://security-tracker.debian.org/tracker/DSA-5966-1"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02531-1 vom 2025-07-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-July/021976.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:12044 vom 2025-07-29",
        "url": "https://access.redhat.com/errata/RHSA-2025:12044"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:12045 vom 2025-07-29",
        "url": "https://access.redhat.com/errata/RHSA-2025:12045"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:12046 vom 2025-07-29",
        "url": "https://access.redhat.com/errata/RHSA-2025:12046"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:12188 vom 2025-07-29",
        "url": "https://access.redhat.com/errata/RHSA-2025:12188"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:12187 vom 2025-07-29",
        "url": "https://access.redhat.com/errata/RHSA-2025:12187"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:12278 vom 2025-07-30",
        "url": "https://access.redhat.com/errata/RHSA-2025:12278"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-12187 vom 2025-07-30",
        "url": "https://linux.oracle.com/errata/ELSA-2025-12187.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:12302 vom 2025-07-30",
        "url": "https://access.redhat.com/errata/RHSA-2025:12302"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:02546-1 vom 2025-07-30",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RSKG6GKFXOPEJZV5OQ64EHYPTRPJXTX7/"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-12188 vom 2025-07-30",
        "url": "https://linux.oracle.com/errata/ELSA-2025-12188.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-11797 vom 2025-07-30",
        "url": "https://linux.oracle.com/errata/ELSA-2025-11797.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:12353 vom 2025-07-31",
        "url": "https://access.redhat.com/errata/RHSA-2025:12353"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:12360 vom 2025-07-31",
        "url": "https://access.redhat.com/errata/RHSA-2025:12360"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:12361 vom 2025-07-31",
        "url": "https://access.redhat.com/errata/RHSA-2025:12361"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2025-2946 vom 2025-08-05",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-2946.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2FIREFOX-2025-041 vom 2025-08-05",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2FIREFOX-2025-041.html"
      },
      {
        "category": "external",
        "summary": "IGEL Security Notice ISN-2025-30 vom 2025-08-04",
        "url": "https://kb.igel.com/en/security-safety/current/isn-2025-30-firefox-esr-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-12278 vom 2025-08-08",
        "url": "http://linux.oracle.com/errata/ELSA-2025-12278.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13647 vom 2025-08-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:13647"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13648 vom 2025-08-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:13648"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13650 vom 2025-08-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:13650"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13645 vom 2025-08-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:13645"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13646 vom 2025-08-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:13646"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13649 vom 2025-08-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:13649"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13651 vom 2025-08-11",
        "url": "https://access.redhat.com/errata/RHSA-2025:13651"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:13676 vom 2025-08-12",
        "url": "https://access.redhat.com/errata/RHSA-2025:13676"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-13676 vom 2025-08-13",
        "url": "https://linux.oracle.com/errata/ELSA-2025-13676.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Mozilla Firefox , Firefox ESR und Thunderbird: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-08-12T22:00:00.000+00:00",
      "generator": {
        "date": "2025-08-13T06:22:22.830+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1623",
      "initial_release_date": "2025-07-22T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-22T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-07-23T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2025-07-24T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2025-07-27T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian, openSUSE, Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2025-07-28T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-07-29T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-07-30T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-08-04T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2025-08-07T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-08-11T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2025-08-12T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "11"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "11",
                "product": {
                  "name": "IGEL OS 11",
                  "product_id": "T038855",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:igel:os:11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12",
                "product": {
                  "name": "IGEL OS 12",
                  "product_id": "T038856",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:igel:os:12"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OS"
          }
        ],
        "category": "vendor",
        "name": "IGEL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c141",
                "product": {
                  "name": "Mozilla Firefox \u003c141",
                  "product_id": "T045595"
                }
              },
              {
                "category": "product_version",
                "name": "141",
                "product": {
                  "name": "Mozilla Firefox 141",
                  "product_id": "T045595-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox:141"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "ios \u003c141",
                "product": {
                  "name": "Mozilla Firefox ios \u003c141",
                  "product_id": "T045599"
                }
              },
              {
                "category": "product_version",
                "name": "ios 141",
                "product": {
                  "name": "Mozilla Firefox ios 141",
                  "product_id": "T045599-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox:ios__141"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c115.26",
                "product": {
                  "name": "Mozilla Firefox ESR \u003c115.26",
                  "product_id": "T045596"
                }
              },
              {
                "category": "product_version",
                "name": "115.26",
                "product": {
                  "name": "Mozilla Firefox ESR 115.26",
                  "product_id": "T045596-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox_esr:115.26"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c128.13",
                "product": {
                  "name": "Mozilla Firefox ESR \u003c128.13",
                  "product_id": "T045597"
                }
              },
              {
                "category": "product_version",
                "name": "128.13",
                "product": {
                  "name": "Mozilla Firefox ESR 128.13",
                  "product_id": "T045597-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox_esr:128.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c140.1",
                "product": {
                  "name": "Mozilla Firefox ESR \u003c140.1",
                  "product_id": "T045598"
                }
              },
              {
                "category": "product_version",
                "name": "140.1",
                "product": {
                  "name": "Mozilla Firefox ESR 140.1",
                  "product_id": "T045598-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox_esr:140.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox ESR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c141",
                "product": {
                  "name": "Mozilla Thunderbird \u003c141",
                  "product_id": "T045600"
                }
              },
              {
                "category": "product_version",
                "name": "141",
                "product": {
                  "name": "Mozilla Thunderbird 141",
                  "product_id": "T045600-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:thunderbird:141"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c128.13",
                "product": {
                  "name": "Mozilla Thunderbird \u003c128.13",
                  "product_id": "T045601"
                }
              },
              {
                "category": "product_version",
                "name": "128.13",
                "product": {
                  "name": "Mozilla Thunderbird 128.13",
                  "product_id": "T045601-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:thunderbird:128.13"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c140.1",
                "product": {
                  "name": "Mozilla Thunderbird \u003c140.1",
                  "product_id": "T045602"
                }
              },
              {
                "category": "product_version",
                "name": "140.1",
                "product": {
                  "name": "Mozilla Thunderbird 140.1",
                  "product_id": "T045602-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:thunderbird:140.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Thunderbird"
          }
        ],
        "category": "vendor",
        "name": "Mozilla"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-54143",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-54143"
    },
    {
      "cve": "CVE-2025-54144",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-54144"
    },
    {
      "cve": "CVE-2025-54145",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-54145"
    },
    {
      "cve": "CVE-2025-8027",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8027"
    },
    {
      "cve": "CVE-2025-8028",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8028"
    },
    {
      "cve": "CVE-2025-8029",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8029"
    },
    {
      "cve": "CVE-2025-8030",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8030"
    },
    {
      "cve": "CVE-2025-8031",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8031"
    },
    {
      "cve": "CVE-2025-8032",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8032"
    },
    {
      "cve": "CVE-2025-8033",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8033"
    },
    {
      "cve": "CVE-2025-8034",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8034"
    },
    {
      "cve": "CVE-2025-8035",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8035"
    },
    {
      "cve": "CVE-2025-8036",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8036"
    },
    {
      "cve": "CVE-2025-8037",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8037"
    },
    {
      "cve": "CVE-2025-8038",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8038"
    },
    {
      "cve": "CVE-2025-8039",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8039"
    },
    {
      "cve": "CVE-2025-8040",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8040"
    },
    {
      "cve": "CVE-2025-8041",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8041"
    },
    {
      "cve": "CVE-2025-8042",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8042"
    },
    {
      "cve": "CVE-2025-8043",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8043"
    },
    {
      "cve": "CVE-2025-8044",
      "product_status": {
        "known_affected": [
          "67646",
          "T038856",
          "T038855",
          "T004914",
          "74185",
          "T045600",
          "T045599",
          "T045602",
          "T045601",
          "2951",
          "T002207",
          "T027843",
          "398363",
          "T045596",
          "T045595",
          "T045598",
          "T045597"
        ]
      },
      "release_date": "2025-07-22T22:00:00.000+00:00",
      "title": "CVE-2025-8044"
    }
  ]
}

CVE-2025-8043 (GCVE-0-2025-8043)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-23 15:15

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Incorrect URL truncation

Summary

Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1970209
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-61/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Thunderbird

Version: unspecified < 141

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8043",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T15:05:43.941119Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-451",
                "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T15:15:12.037Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "alayersattackers"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox \u003c 141 and Thunderbird \u003c 141."
            }
          ],
          "value": "Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox \u003c 141 and Thunderbird \u003c 141."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect URL truncation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:28.983Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970209"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8043",
    "datePublished": "2025-07-22T20:49:28.983Z",
    "dateReserved": "2025-07-22T10:14:15.245Z",
    "dateUpdated": "2025-07-23T15:15:12.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8033 (GCVE-0-2025-8033)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-23 13:39

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

Incorrect JavaScript state machine for generators

Summary

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1973990
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-57/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 115.26
Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8033",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T13:36:06.360574Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T13:39:08.305Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Shaheen Fazim"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect JavaScript state machine for generators",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:27.477Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1973990"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8033",
    "datePublished": "2025-07-22T20:49:27.477Z",
    "dateReserved": "2025-07-22T10:13:59.291Z",
    "dateUpdated": "2025-07-23T13:39:08.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8036 (GCVE-0-2025-8036)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-31 15:57

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

DNS rebinding circumvents CORS

Summary

Firefox cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1960834
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8036",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T14:26:17.781838Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-350",
                "description": "CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-31T15:57:30.209Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Viktor Bocz"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Firefox cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "Firefox cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "DNS rebinding circumvents CORS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-30T16:21:53.238Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1960834"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8036",
    "datePublished": "2025-07-22T20:49:25.303Z",
    "dateReserved": "2025-07-22T10:14:02.586Z",
    "dateUpdated": "2025-07-31T15:57:30.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8040 (GCVE-0-2025-8040)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-30 16:52

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141

Summary

Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975058%2C1975998
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8040",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T03:55:31.276Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrew McCreight, Ashley Zebrowski"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-30T16:52:07.710Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141",
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975058%2C1975998"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8040",
    "datePublished": "2025-07-22T20:49:28.310Z",
    "dateReserved": "2025-07-22T10:14:10.587Z",
    "dateUpdated": "2025-07-30T16:52:07.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8038 (GCVE-0-2025-8038)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-31 15:57

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CSP frame-src was not correctly enforced for paths

Summary

Firefox ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1808979
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8038",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T13:44:20.166233Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-345",
                "description": "CWE-345 Insufficient Verification of Data Authenticity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-31T15:57:06.080Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Laurin Weger"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Firefox ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "Firefox ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CSP frame-src was not correctly enforced for paths",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-30T16:21:56.468Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1808979"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8038",
    "datePublished": "2025-07-22T20:49:26.764Z",
    "dateReserved": "2025-07-22T10:14:06.430Z",
    "dateUpdated": "2025-07-31T15:57:06.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8028 (GCVE-0-2025-8028)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-23 14:32

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Large branch table could lead to truncated instruction

Summary

On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1971581
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-57/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 115.26
Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8028",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T14:32:07.056857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1332",
                "description": "CWE-1332 Improper Handling of Faults that Lead to Instruction Skips",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T14:32:58.701Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Gary Kwong"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "On arm64, a WASM \u003ccode\u003ebr_table\u003c/code\u003e instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Large branch table could lead to truncated instruction",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:24.592Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971581"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8028",
    "datePublished": "2025-07-22T20:49:24.592Z",
    "dateReserved": "2025-07-22T10:13:49.236Z",
    "dateUpdated": "2025-07-23T14:32:58.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8029 (GCVE-0-2025-8029)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-31 15:58

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

javascript: URLs executed on object and embed tags

Summary

Firefox executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1928021
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8029",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T14:29:37.560314Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-80",
                "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-31T15:58:06.418Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mirko Brodesser"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Firefox executed \u003ccode\u003ejavascript:\u003c/code\u003e URLs when used in \u003ccode\u003eobject\u003c/code\u003e and \u003ccode\u003eembed\u003c/code\u003e tags. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "Firefox executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "javascript: URLs executed on object and embed tags",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-30T16:21:52.107Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1928021"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8029",
    "datePublished": "2025-07-22T20:49:24.898Z",
    "dateReserved": "2025-07-22T10:13:51.239Z",
    "dateUpdated": "2025-07-31T15:58:06.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8035 (GCVE-0-2025-8035)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-30 16:52

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141

Summary

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1975961
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8035",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T03:55:32.645Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "the Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-30T16:52:08.908Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141",
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1975961"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8035",
    "datePublished": "2025-07-22T20:49:28.660Z",
    "dateReserved": "2025-07-22T10:14:02.025Z",
    "dateUpdated": "2025-07-30T16:52:08.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8037 (GCVE-0-2025-8037)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-23 14:25

Severity ?

9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

Nameless cookies shadow secure cookies

Summary

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1964767
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8037",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T14:22:54.948290Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-614",
                "description": "CWE-614 Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T14:25:27.565Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Uku S\u00f5rmus"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the \u003ccode\u003eSecure\u003c/code\u003e attribute. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Nameless cookies shadow secure cookies",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:25.621Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1964767"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8037",
    "datePublished": "2025-07-22T20:49:25.621Z",
    "dateReserved": "2025-07-22T10:14:04.585Z",
    "dateUpdated": "2025-07-23T14:25:27.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8030 (GCVE-0-2025-8030)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-24 03:55

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

Potential user-assisted code execution in “Copy as cURL” command

Summary

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1968414
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8030",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T03:55:28.704Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ameen Basha M K"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Insufficient escaping in the \u201cCopy as cURL\u201d feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "Insufficient escaping in the \u201cCopy as cURL\u201d feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Potential user-assisted code execution in \u201cCopy as cURL\u201d command",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:25.931Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1968414"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8030",
    "datePublished": "2025-07-22T20:49:25.931Z",
    "dateReserved": "2025-07-22T10:13:53.205Z",
    "dateUpdated": "2025-07-24T03:55:28.704Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8039 (GCVE-0-2025-8039)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-23 13:43

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

Search terms persisted in URL bar

Summary

In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1970997
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8039",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T13:39:50.384748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T13:43:31.976Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "S\u00f6ren Hentzschel"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Search terms persisted in URL bar",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:27.191Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970997"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8039",
    "datePublished": "2025-07-22T20:49:27.191Z",
    "dateReserved": "2025-07-22T10:14:08.352Z",
    "dateUpdated": "2025-07-23T13:43:31.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8044 (GCVE-0-2025-8044)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-24 03:55

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Memory safety bugs fixed in Firefox 141 and Thunderbird 141

Summary

Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141 and Thunderbird < 141.

References

►

URL

Tags

	https://bugzilla.mozilla.org/buglist.cgi?bug_id=1933572%2C1971116
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-61/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Thunderbird

Version: unspecified < 141

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8044",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-24T03:55:33.887Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Akmat Suleimanov, Andrew McCreight"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141 and Thunderbird \u003c 141."
            }
          ],
          "value": "Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141 and Thunderbird \u003c 141."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox 141 and Thunderbird 141",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:29.263Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox 141 and Thunderbird 141",
          "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1933572%2C1971116"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8044",
    "datePublished": "2025-07-22T20:49:29.263Z",
    "dateReserved": "2025-07-22T10:14:16.945Z",
    "dateUpdated": "2025-07-24T03:55:33.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8034 (GCVE-0-2025-8034)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-31 14:07

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141

Summary

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1970422
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-57/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 115.26
Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8034",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-24T03:55:30.954852Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-119",
                "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-31T14:07:04.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "the Mozilla Fuzzing Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 115.26, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-30T16:52:06.877Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "name": "Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141",
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1970422"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-57/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8034",
    "datePublished": "2025-07-22T20:49:27.749Z",
    "dateReserved": "2025-07-22T10:14:01.438Z",
    "dateUpdated": "2025-07-31T14:07:04.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8031 (GCVE-0-2025-8031)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-23 14:00

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Incorrect URL stripping in CSP reports

Summary

The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1971719
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8031",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T13:56:53.422028Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-276",
                "description": "CWE-276 Incorrect Default Permissions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T14:00:29.698Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Tom Schuster"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The \u003ccode\u003eusername:password\u003c/code\u003e part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect URL stripping in CSP reports",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:26.243Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1971719"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8031",
    "datePublished": "2025-07-22T20:49:26.243Z",
    "dateReserved": "2025-07-22T10:13:55.392Z",
    "dateUpdated": "2025-07-23T14:00:29.698Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8032 (GCVE-0-2025-8032)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-23 13:56

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

XSLT documents could bypass CSP

Summary

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1974407
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-8032",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-23T13:55:17.746727Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-693",
                "description": "CWE-693 Protection Mechanism Failure",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-23T13:56:15.096Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "141",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.13",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "140.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Joe Turki"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
            }
          ],
          "value": "XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox \u003c 141, Firefox ESR \u003c 128.13, Firefox ESR \u003c 140.1, Thunderbird \u003c 141, Thunderbird \u003c 128.13, and Thunderbird \u003c 140.1."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XSLT documents could bypass CSP",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T20:49:26.507Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1974407"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-56/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-58/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-59/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-61/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-62/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-63/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-8032",
    "datePublished": "2025-07-22T20:49:26.507Z",
    "dateReserved": "2025-07-22T10:13:57.272Z",
    "dateUpdated": "2025-07-23T13:56:15.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-8027 (GCVE-0-2025-8027)

Vulnerability from cvelistv5

Published

2025-07-22 20:49

Modified

2025-07-23 13:46

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

JavaScript engine only wrote partial return value to stack

Summary

On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

References

►

URL

Tags

	https://bugzilla.mozilla.org/show_bug.cgi?id=1968423
	https://www.mozilla.org/security/advisories/mfsa2025-56/
	https://www.mozilla.org/security/advisories/mfsa2025-57/
	https://www.mozilla.org/security/advisories/mfsa2025-58/
	https://www.mozilla.org/security/advisories/mfsa2025-59/
	https://www.mozilla.org/security/advisories/mfsa2025-61/
	https://www.mozilla.org/security/advisories/mfsa2025-62/
	https://www.mozilla.org/security/advisories/mfsa2025-63/

Impacted products

Vendor

Product

Version

►

Version: unspecified < 141

Mozilla	Firefox ESR	Version: unspecified < 115.26
Mozilla	Firefox ESR	Version: unspecified < 128.13
Mozilla	Firefox ESR	Version: unspecified < 140.1
Mozilla	Thunderbird	Version: unspecified < 141
Mozilla	Thunderbird	Version: unspecified < 128.13
Mozilla	Thunderbird	Version: unspecified < 140.1

Show details on NVD website