CVE-2025-9179 Sandbox escape due to invalid pointer in the Audio/Video: GMP component

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14,...

CVE-2025-9179

CVE-2025-9179 describes a memory corruption vulnerability in the GMP process used by Firefox/Thunderbird for encrypted media handling, with privileges that are sandboxed yet could allow total impact (CVE-2025-9179). Affected products include Firefox < 142, Firefox ESR < 115.27/128.14/140.2,...

CVE-2025-9179 Sandbox escape due to invalid pointer in the Audio/Video: GMP component

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14,...

CVE-2025-9179

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14,...

CVE-2025-9179

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14,...

U.K. Government Drops Apple Encryption Backdoor Order After U.S. Civil Liberties Pushback

The U.K. government has apparently abandoned its plans to force Apple to weaken encryption protections and include a backdoor that would have enabled access to the protected data of U.S. citizens. U.S. Director of National Intelligence DNI Tulsi Gabbard, in a statement posted on X, said the U.S...

Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner

Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner...

Mozilla Thunderbird < 128.14

The version of Thunderbird installed on the remote Windows host is prior to 128.14. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-71 advisory. - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,...

Mozilla Firefox ESR < 128.14

The version of Firefox ESR installed on the remote Windows host is prior to 128.14. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-66 advisory. - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,...

Mozilla Thunderbird < 140.2

The version of Thunderbird installed on the remote Windows host is prior to 140.2. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-72 advisory. - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,...

Mozilla Firefox ESR < 115.27

The version of Firefox ESR installed on the remote Windows host is prior to 115.27. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-65 advisory. - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1,...

Mozilla -- memory corruption in GMP

[email protected] reports: An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process...

Mozilla Firefox ESR < 115.27

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.27. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-65 advisory. - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox E...

PT-2025-33866

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 142 Firefox ESR versions prior to 115.27 Firefox ESR versions prior to 128.14 Firefox ESR versions prior to 140.2 Thunderbird versions prior to 142 Thunderbird versions prior to 128.14 Thunderbird versions prior to...

Security Vulnerabilities fixed in Firefox ESR 115.27 — Mozilla

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. Same-origin policy bypass in the Graphics: Canvas2D component. Memory safety bugs...

CVE-2025-38506

In the Linux kernel, the following vulnerability has been resolved: KVM: Allow CPU to reschedule while setting per-page memory attributes When running an SEV-SNP guest with a sufficiently large amount of memory 1TB+, the host can experience CPU soft lockups when running an operation in...

CVE-2025-38508

In the Linux kernel, the following vulnerability has been resolved: x86/sev: Use TSCFACTOR for Secure TSC frequency calculation When using Secure TSC, the GUESTTSCFREQ MSR reports a frequency based on the nominal P0 frequency, which deviates slightly typically 0.2% from the actual mean TSC...

Linux Distros Unpatched Vulnerability : CVE-2019-10740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The...

Linux Distros Unpatched Vulnerability : CVE-2024-49504

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. CVE-2024-49504 Note that Nessus relies on the presence of the...

SUSE CVE-2025-38508

In the Linux kernel, the following vulnerability has been resolved: x86/sev: Use TSCFACTOR for Secure TSC frequency calculation When using Secure TSC, the GUESTTSCFREQ MSR reports a frequency based on the nominal P0 frequency, which deviates slightly typically 0.2% from the actual mean TSC...