CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2025-2857
https://notcve.org/view.php?id=CVE-2025-2857
27 Mar 2025 — Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. ... *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1. • https://github.com/RimaRuer/CVE-2025-2857-Exploit •
CVSS: 10.0EPSS: 0%CPEs: 21EXPL: 0CVE-2025-1937 – firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
https://notcve.org/view.php?id=CVE-2025-1937
04 Mar 2025 — Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. ... This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938471%2C1940716 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1942
https://notcve.org/view.php?id=CVE-2025-1942
04 Mar 2025 — When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136. When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird < 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1947139 • CWE-908: Use of Uninitialized Resource •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1941
https://notcve.org/view.php?id=CVE-2025-1941
04 Mar 2025 — This vulnerability affects Firefox < 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1944665 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1932 – firefox: Inconsistent comparator in XSLT sorting led to out-of-bounds access
https://notcve.org/view.php?id=CVE-2025-1932
04 Mar 2025 — This vulnerability affects Firefox < 136 and Firefox ESR < 128.8. ... This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. A flaw was found in Firefox. ... Multiple security issues were discovered in Firefox. ... It was discovered that Firefox did not properly handle WebTransport connection, leading to a use-after-free vulnerability. • https://bugzilla.mozilla.org/show_bug.cgi?id=1944313 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1020 – Ubuntu Security Notice USN-7263-1
https://notcve.org/view.php?id=CVE-2025-1020
04 Feb 2025 — Memory safety bugs present in Firefox 134 and Thunderbird 134. ... This vulnerability affects Firefox < 135 and Thunderbird < 135. Multiple security issues were discovered in Firefox. ... Ivan Fratric discovered that Firefox did not properly handle XSLT data, leading to a use-after-free vulnerability. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1939063%2C1942169 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1017 – firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7
https://notcve.org/view.php?id=CVE-2025-1017
04 Feb 2025 — Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. ... This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1016 – firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7
https://notcve.org/view.php?id=CVE-2025-1016
04 Feb 2025 — Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. ... This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1014 – firefox: thunderbird: Certificate length was not properly checked
https://notcve.org/view.php?id=CVE-2025-1014
04 Feb 2025 — This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Multiple security issues were discovered in Firefox. ... Ivan Fratric discovered that Firefox did not properly handle XSLT data, leading to a use-after-free vulnerability. • https://bugzilla.mozilla.org/show_bug.cgi?id=1940804 • CWE-295: Improper Certificate Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1012 – firefox: thunderbird: Use-after-free during concurrent delazification
https://notcve.org/view.php?id=CVE-2025-1012
04 Feb 2025 — This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. A flaw was found in Firefox. ... Multiple security issues were discovered in Firefox. ... Ivan Fratric discovered that Firefox did not properly handle XSLT data, leading to a use-after-free vulnerability. • https://bugzilla.mozilla.org/show_bug.cgi?id=1939710 • CWE-416: Use After Free •