CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1016 – firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7
https://notcve.org/view.php?id=CVE-2025-1016
04 Feb 2025 — Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Multiple security issues have been found in the Mozilla Firefox web browser, which ... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1014 – firefox: thunderbird: Certificate length was not properly checked
https://notcve.org/view.php?id=CVE-2025-1014
04 Feb 2025 — Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1940804 • CWE-295: Improper Certificate Validation CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1012 – firefox: thunderbird: Use-after-free during concurrent delazification
https://notcve.org/view.php?id=CVE-2025-1012
04 Feb 2025 — A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A race during concurrent delazification could have led to a use-after-free. Multiple security issues were discovered in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1939710 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1011 – firefox: thunderbird: A bug in WebAssembly code generation could result in a crash
https://notcve.org/view.php?id=CVE-2025-1011
04 Feb 2025 — A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. • https://bugzilla.mozilla.org/show_bug.cgi?id=1936454 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-1010 – firefox: thunderbird: Use-after-free in Custom Highlight
https://notcve.org/view.php?id=CVE-2025-1010
04 Feb 2025 — An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. Multiple security issues were discover... • https://bugzilla.mozilla.org/show_bug.cgi?id=1936982 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 1CVE-2025-1009 – firefox: thunderbird: Use-after-free in XSLT
https://notcve.org/view.php?id=CVE-2025-1009
04 Feb 2025 — An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. Multiple security issues were discovered in Firefox.... • https://packetstorm.news/files/id/189614 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2025-24162 – webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
https://notcve.org/view.php?id=CVE-2025-24162
27 Jan 2025 — This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash. A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management. • https://support.apple.com/en-us/122066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2025-24158 – webkitgtk: Processing web content may lead to a denial-of-service
https://notcve.org/view.php?id=CVE-2025-24158
27 Jan 2025 — The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service. A flaw was found in WebKitGTK. Processing malicious web content can cause a denial of service due to improper memory handling. • https://support.apple.com/en-us/122066 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.6EPSS: 0%CPEs: 27EXPL: 0CVE-2024-11218 – Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile
https://notcve.org/view.php?id=CVE-2024-11218
22 Jan 2025 — A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host. An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and R... • https://access.redhat.com/security/cve/CVE-2024-11218 • CWE-269: Improper Privilege Management •
CVSS: 4.8EPSS: 0%CPEs: 25EXPL: 0CVE-2025-21502 – openjdk: Enhance array handling (Oracle CPU 2025-01)
https://notcve.org/view.php?id=CVE-2025-21502
21 Jan 2025 — Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM Enterprise Edition: 20.3.16 and 21.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JD... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-195: Signed to Unsigned Conversion Error CWE-863: Incorrect Authorization •