Search CVE reports

291 – 300 of 2344 results

Detailed view

Sort by:

CVE-2025-2830

Medium priority

Fixed

By crafting a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability...

1 affected package

thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
thunderbird	Not affected	Fixed	Not in release	—

CVE-2025-3608

Medium priority

Needs evaluation

A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability was fixed in Firefox 137.0.2.

9 affected packages

mozjs52, firefox, thunderbird, mozjs38, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs52	Not in release	Not in release	Ignored	Ignored
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3035

Medium priority

Needs evaluation

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability was fixed in Firefox 137.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3034

Medium priority

Some fixes available 1 of 12

Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3033

Medium priority

Not affected

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability was fixed...

2 affected packages

firefox, thunderbird

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—

CVE-2025-3032

Medium priority

Some fixes available 1 of 12

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3031

Medium priority

Some fixes available 1 of 12

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability was fixed in Firefox 137 and Thunderbird 137.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3030

Medium priority

Some fixes available 1 of 12

Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3029

Medium priority

Some fixes available 1 of 12

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability was fixed in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and...

9 affected packages

mozjs52, firefox, thunderbird, mozjs38, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs52	Not in release	Not in release	Ignored	Ignored
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

CVE-2025-3028

Medium priority

Some fixes available 1 of 12

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability was fixed in Firefox 137, Firefox ESR 115.22, Firefox ESR 128.9, Thunderbird 137, and Thunderbird 128.9.

9 affected packages

mozjs52, mozjs78, firefox, thunderbird, mozjs38...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs78	Not in release	Ignored	Not in release	—
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Fixed	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs68	Not in release	Not in release	Ignored	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—

Export to JSON

Results by page: