CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2025-2857
https://notcve.org/view.php?id=CVE-2025-2857
27 Mar 2025 — Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1. • https://github.com/RimaRuer/CVE-2025-2857-Exploit •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-26695
https://notcve.org/view.php?id=CVE-2025-26695
10 Mar 2025 — When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1883039 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-26696
https://notcve.org/view.php?id=CVE-2025-26696
10 Mar 2025 — Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8. • https://bugzilla.mozilla.org/show_bug.cgi?id=1864205 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27425
https://notcve.org/view.php?id=CVE-2025-27425
04 Mar 2025 — Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first This vulnerability affects Firefox for iOS < 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1941525 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27424
https://notcve.org/view.php?id=CVE-2025-27424
04 Mar 2025 — Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1945392 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27426
https://notcve.org/view.php?id=CVE-2025-27426
04 Mar 2025 — Malicious websites utilizing a server-side redirect to an internal error page could result in a spoofed website URL This vulnerability affects Firefox for iOS < 136. • https://bugzilla.mozilla.org/show_bug.cgi?id=1933079 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2025-1943
https://notcve.org/view.php?id=CVE-2025-1943
04 Mar 2025 — Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136. Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1869650%2C1938451%2C1940326%2C1944052%2C1944063%2C1947281 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1938 – firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8
https://notcve.org/view.php?id=CVE-2025-1938
04 Mar 2025 — Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8. Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with eno... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1922889%2C1935004%2C1943586%2C1943912%2C1948111 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 21EXPL: 0CVE-2025-1937 – firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
https://notcve.org/view.php?id=CVE-2025-1937
04 Mar 2025 — Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8. Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs sh... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938471%2C1940716 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-1936 – firefox: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
https://notcve.org/view.php?id=CVE-2025-1936
04 Mar 2025 — jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignored when retrieving the content from the archive, but the fake extension after the null was used to determine the type of content. This could have been used to hide code in a web extension disguised as something else like an image. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8. jar: URLs retrieve local file content packaged in a ZIP archive. The null and everything after it was ignore... • https://bugzilla.mozilla.org/show_bug.cgi?id=1940027 • CWE-158: Improper Neutralization of Null Byte or NUL Character CWE-754: Improper Check for Unusual or Exceptional Conditions •