EUVD-2025-36530

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox 144.0.2...

UBUNTU-CVE-2025-12380

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability affects Firefox 144.0.2...

CVE-2025-12380

Mozilla Firefox is affected by CVE-2025-12380: starting with Firefox 142, a compromised child process could trigger a use-after-free in the GPU or browser process via WebGPU IPC calls, potentially escaping the sandbox and achieving arbitrary code execution. Affected versions are Firefox 142.x up ...

CVE-2025-12380 Use-after-free in WebGPU internals triggered from a compromised child process

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2...

Mozilla Firefox < 144.0.2

The version of Firefox installed on the remote Windows host is prior to 144.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2025-86 advisory. - Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser...

Amazon Linux 2023 : firefox (ALAS2023-2025-1246)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1246 advisory. Use-after-free in MediaTrackGraphImpl::GetInstance This vulnerability affects Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. CVE-2025-11708 A compromised web process w...

Linux Distros Unpatched Vulnerability : CVE-2025-11710

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised proces...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2025:3775-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3775-1 advisory. Update to Firefox Extended Support Release 140.4.0 ESR bsc1251263. - CVE-2025-11708:...

Fedora 43 : cef (2025-1e8f05e0a6)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-1e8f05e0a6 advisory. Update to 140.1.15^chromium140.0.7339.207 rhbz2396308 CVE-2025-10890: Side-channel information leakage in V8 CVE-2025-10891: Integer overflow in V8...

Updated thunderbird packgaes fix security vulnerabilities

CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could ...

RockyLinux 8 : thunderbird (RLSA-2025:18983)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:18983 advisory. thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textur...

AlmaLinux 10 : firefox (ALSA-2025:18154)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:18154 advisory. thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textur...

RockyLinux 9 : firefox (RLSA-2025:18155)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:18155 advisory. thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textur...

OESA-2025-2478 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

OESA-2025-2477 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

thunderbird: firefox: Cross-process information leaked due to malicious IPC messages

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...

RHEL 10 : firefox (RHSA-2025:18154)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:18154 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: thunderbir...

CVE-2025-11710

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

CVE-2025-11710

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

UBUNTU-CVE-2025-11710

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...