Lucene search
K

558 matches found

UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.13 views

CVE-2025-1940

A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly. This issue only affects Android versions of Firefox.. This vulnerability was fixed in Firefox 136...

7.1CVSS6AI score0.0023EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.9 views

CVE-2025-1941

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed distinct from CVE-2025-0245. This vulnerability was fixed in Firefox 136...

9.1CVSS6AI score0.00341EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.16 views

CVE-2025-27424

Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136...

4.3CVSS5.8AI score0.00242EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.17 views

CVE-2025-1942

When String.toUpperCase caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136...

9.8CVSS6.9AI score0.00446EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.4 views

CVE-2025-1937

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerabilit...

7.5CVSS7.3AI score0.00519EPSS
Exploits1References11
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.12 views

CVE-2025-1936

jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension...

7.3CVSS6.9AI score0.00413EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.13 views

CVE-2025-27426

Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL. This vulnerability was fixed in Firefox for iOS 136...

5.4CVSS6AI score0.00219EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.20 views

CVE-2025-1935

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

4.3CVSS6.7AI score0.00316EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.17 views

CVE-2025-1932

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

8.1CVSS7.3AI score0.00391EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.20 views

CVE-2025-27425

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability was fixed in Firefox for iOS 136...

4.3CVSS5.8AI score0.00215EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.19 views

CVE-2025-1943

Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136 and Thunderbird 136...

8.2CVSS7.3AI score0.00401EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.15 views

CVE-2025-1939

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability was fixed in Firefox 136...

3.9CVSS7.2AI score0.00175EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.6 views

CVE-2025-1934

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

6.5CVSS7AI score0.00433EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2025/03/04 2:15 p.m.8 views

CVE-2025-1938

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firef...

6.5CVSS7.1AI score0.00312EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2025/02/06 12:0 a.m.9 views

CVE-2025-1016

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary cod...

9.8CVSS7.3AI score0.0057EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2025/02/06 12:0 a.m.7 views

CVE-2025-1010

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

9.8CVSS7.3AI score0.00451EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2025/02/06 12:0 a.m.7 views

CVE-2025-1012

A race during concurrent delazification could have led to a use-after-free. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

9.8CVSS7.2AI score0.00436EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2025/02/06 12:0 a.m.7 views

CVE-2025-1013

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

6.5CVSS7AI score0.00313EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2025/02/06 12:0 a.m.20 views

CVE-2025-1009

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

9.8CVSS7.3AI score0.01196EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2025/02/06 12:0 a.m.12 views

CVE-2025-1017

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firef...

9.8CVSS7.4AI score0.00558EPSS
Exploits0References11
Rows per page
Query Builder