Mozilla Firefox < 150.0.3

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 150.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-45 advisory. - Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3...

Linux Distros Unpatched Vulnerability : CVE-2026-6758

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. CVE-2026-6758 Note that Nessus relies ...

CVE-2026-6757

Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

FreeBSD : Mozilla -- Multiple vulnerabilities (15f4e0f6-1338-11f1-a55d-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 15f4e0f6-1338-11f1-a55d-b42e991fc52e advisory. CVE-2026-2809: Memory safety bug in the JavaScript: WebAssembly component. CVE-2026-2808:...

Security Vulnerabilities fixed in Firefox ESR 140.5 — Mozilla

CVE-2025-13012: Race condition in the Graphics component Reporter Irvan Kurniawan Impact high References Bug 1991458 CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component Reporter Igor Morgenstern Impact high References Bug 1992130 CVE-2025-13017: Same-origin poli...

CVE-2025-53901

Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling pathopen after calling...

CVE-2022-39392

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...

Linux Distros Unpatched Vulnerability : CVE-2025-1011

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This...

RockyLinux 8 : firefox (RLSA-2025:1283)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1283 advisory. firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 CVE-2025-1017 firefox:...

firefox: thunderbird: A bug in WebAssembly code generation could result in a crash

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A bug in WebAssembly code generation could lead to a crash. It may be possible for an attacker to leverage this to achieve code execution...

firefox: thunderbird: A bug in WebAssembly code generation could result in a crash

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A bug in WebAssembly code generation could lead to a crash. It may be possible for an attacker to leverage this to achieve code execution...

Security update for MozillaFirefox

This update for MozillaFirefox to 128.7esr fixes the following issues: MFSA 2025-09 CVE-2025-1009 bmo1936613 Use-after-free in XSLT CVE-2025-1010 bmo1936982 Use-after-free in Custom Highlight CVE-2025-1011 bmo1936454 A bug in WebAssembly code generation could result in a crash CVE-2025-1012...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

MGASA-2025-0045 Updated rootcerts, nss & firefox packages fix security vulnerabilities

Use-after-free in XSLT. CVE-2025-1009 Use-after-free in Custom Highlight. CVE-2025-1010 A bug in WebAssembly code generation could result in a crash. CVE-2025-1011 Use-after-free during concurrent delazification. CVE-2025-1012 Potential double-free vulnerability in PKCS7 decryption handling...

RHEL 7 : firefox (RHSA-2025:1132)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1132 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

RHEL 8 : firefox (RHSA-2025:1136)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:1136 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

firefox: thunderbird: A bug in WebAssembly code generation could result in a crash

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A bug in WebAssembly code generation could lead to a crash. It may be possible for an attacker to leverage this to achieve code execution...

SUSE CVE-2025-1011

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

DEBIAN-CVE-2025-1011

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...

CVE-2025-1011

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...