Weaver: Fuzzing JavaScript Engines at the JavaScript-WebAssembly Boundary

The security of modern JavaScript JS engines is critical since they provide the primary defense mechanism for executing untrusted code on the web. The recent integration of WebAssembly Wasm has transformed these engines into complex polyglot environments, creating a novel attack surface at the...

MiracleLinux 9 : firefox-140.5.0-1.el9_7.ML.1 (AXSA:2025-11515:36)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11515:36 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefo...

MiracleLinux 9 : thunderbird-140.5.0-2.el9_7.ML.1 (AXSA:2025-11549:27)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-11549:27 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefo...

OPENSUSE-SU-2026:20002-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: Mozilla Thunderbird 140.5.0 ESR MFSA 2025-91 bsc1253188: CVE-2025-13012 Race condition in the Graphics component CVE-2025-13016 Incorrect boundary conditions in the JavaScript: WebAssembly component...

Amazon Linux 2023 : firefox (ALAS2023-2025-1298)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1298 advisory. Race condition in the Graphics component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component...

Important: firefox

Issue Overview: Race condition in the Graphics component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2025:4195-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4195-1 advisory. - Update Mozilla Thunderbird to version 140.5 bsc1253188 - CVE-2025-13012: Race condition in the...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.5.0 ESR bsc1253188 CVE-2025-13012: Race condition in the Graphics component. CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. CVE-2025-13017: Same-origi...

SUSE-SU-2025:4173-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Update to Firefox Extended Support Release 140.5.0 ESR bsc1253188 - CVE-2025-13012: Race condition in the Graphics component. - CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. - CVE-2025-13017:...

OPENSUSE-SU-2025:20065-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Changes in MozillaFirefox: Firefox Extended Support Release 140.5.0 ESR: Fixed: Various security fixes MFSA 2025-88 bsc1253188: CVE-2025-13012 Race condition in the Graphics component CVE-2025-13016 Incorrect boundary conditions in the...

MGASA-2025-0305 Updated thunderbird packages fix security vulnerabilities

Race condition in the Graphics component. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. CVE-2025-13013 CVE-2025-13014: Use-after-free in the Audio/Video component. CVE-2025-13014 Spoofing issue in Firefox. CVE-2025-13015 Incorrect boundary conditions in the JavaScript:...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary...

ALSA-2025:21281 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary...

Security Vulnerabilities fixed in Thunderbird 140.5 — Mozilla

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. CVE-2025-13012: Race condition in the Graphics component Reporter Irvan Kurniawan Impact high...

Mozilla Firefox和Mozilla Firefox ESR 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox web browser. Mozilla Firefox and Firefox ESR suffer from a buffer overflow vulnerability that stems from an incorrect boundary condition in a JavaScript WebAssembly component, which can be...

firefox -- Use-after-free

https://bugzilla.mozilla.org/showbug.cgi?id=1995686 reports: Use-after-free in the WebRTC: Audio/Video component. Same-origin policy bypass in the DOM: Workers component. Mitigation bypass in the DOM: Security component. Same-origin policy bypass in the DOM: Notifications component. Incorrect...