CVSS: 9.0EPSS: 0%CPEs: 34EXPL: 0CVE-2025-1933 – firefox: JIT corruption of WASM i32 return values on 64-bit CPUs
https://notcve.org/view.php?id=CVE-2025-1933
28 Feb 2025 — On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8. On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. • https://bugzilla.mozilla.org/show_bug.cgi?id=1946004 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 34EXPL: 0CVE-2025-1934 – firefox: Unexpected GC during RegExp bailout processing
https://notcve.org/view.php?id=CVE-2025-1934
28 Feb 2025 — It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8. It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbir... • https://bugzilla.mozilla.org/show_bug.cgi?id=1942881 • CWE-460: Improper Cleanup on Thrown Exception •
CVSS: 5.0EPSS: 0%CPEs: 34EXPL: 0CVE-2025-1935 – firefox: Clickjacking the registerProtocolHandler info-bar Reporter
https://notcve.org/view.php?id=CVE-2025-1935
28 Feb 2025 — A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8. A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1866661 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.3EPSS: 0%CPEs: 33EXPL: 0CVE-2025-1936 – firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
https://notcve.org/view.php?id=CVE-2025-1936
28 Feb 2025 — jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8. jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignore... • https://bugzilla.mozilla.org/show_bug.cgi?id=1940027 • CWE-158: Improper Neutralization of Null Byte or NUL Character CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2025-1937 – firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
https://notcve.org/view.php?id=CVE-2025-1937
28 Feb 2025 — Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8. Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs sh... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938471%2C1940716 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges •
CVSS: 10.0EPSS: 0%CPEs: 34EXPL: 0CVE-2025-1938 – firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8
https://notcve.org/view.php?id=CVE-2025-1938
28 Feb 2025 — Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8. Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with eno... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1922889%2C1935004%2C1943586%2C1943912%2C1948111 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26601 – Xorg: xwayland: use-after-free in syncinittrigger()
https://notcve.org/view.php?id=CVE-2025-26601
25 Feb 2025 — A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger() is called. If one of the changes triggers an error, the function will return early, not adding the new sync object, possibly causing a use-after-free when the alarm eventually triggers. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server... • https://access.redhat.com/security/cve/CVE-2025-26601 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26600 – Xorg: xwayland: use-after-free in playreleasedevents()
https://notcve.org/view.php?id=CVE-2025-26600
25 Feb 2025 — A use-after-free flaw was found in X.Org and Xwayland. When a device is removed while still frozen, the events queued for that device remain while the device is freed. Replaying the events will cause a use-after-free. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of devi... • https://access.redhat.com/security/cve/CVE-2025-26600 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26599 – Xorg: xwayland: use of uninitialized pointer in compredirectwindow()
https://notcve.org/view.php?id=CVE-2025-26599
25 Feb 2025 — An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect() may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow() will return a BadAlloc error without validating the window tree marked just before, which leaves the validated data partly initialized and the use of an uninitialized pointer later. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obta... • https://access.redhat.com/security/cve/CVE-2025-26599 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 35EXPL: 0CVE-2025-26598 – Xorg: xwayland: out-of-bounds write in createpointerbarrierclient()
https://notcve.org/view.php?id=CVE-2025-26598
25 Feb 2025 — An out-of-bounds write flaw was found in X.Org and Xwayland. The function GetBarrierDevice() searches for the pointer device based on its device ID and returns the matching value, or supposedly NULL, if no match was found. However, the code will return the last element of the list if no matching device ID is found, which can lead to out-of-bounds memory access. This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the abilit... • https://access.redhat.com/security/cve/CVE-2025-26598 • CWE-787: Out-of-bounds Write •