CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-11720 – openSUSE Security Advisory - openSUSE-SU-2025:15645-1
https://notcve.org/view.php?id=CVE-2025-11720
14 Oct 2025 — The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability affects Firefox < 144. These are all security issues fixed in the MozillaFirefox-144.0-1.1 package on the GA media of openSUSE Tumbleweed. • https://bugzilla.mozilla.org/show_bug.cgi?id=1979534 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-11718 – openSUSE Security Advisory - openSUSE-SU-2025:15645-1
https://notcve.org/view.php?id=CVE-2025-11718
14 Oct 2025 — When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event This vulnerability affects Firefox < 144. These are all security issues fixed in the MozillaFirefox-144.0-1.1 package on the GA media of openSUSE Tumbleweed. • https://bugzilla.mozilla.org/show_bug.cgi?id=1980808 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-11717 – openSUSE Security Advisory - openSUSE-SU-2025:15645-1
https://notcve.org/view.php?id=CVE-2025-11717
14 Oct 2025 — When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being used. Prior to Firefox 144 the password edit screen was visible. This vulnerability affects Firefox < 144. These are all security issues fixed in the MozillaFirefox-144.0-1.1 package on the GA media of openSUSE Tumbleweed. • https://bugzilla.mozilla.org/show_bug.cgi?id=1872601 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-11716 – openSUSE Security Advisory - openSUSE-SU-2025:15645-1
https://notcve.org/view.php?id=CVE-2025-11716
14 Oct 2025 — Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144. These are all security issues fixed in the MozillaFirefox-144.0-1.1 package on the GA media of openSUSE Tumbleweed. • https://bugzilla.mozilla.org/show_bug.cgi?id=1818679 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-11715 – thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
https://notcve.org/view.php?id=CVE-2025-11715
14 Oct 2025 — Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-11712 – thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
https://notcve.org/view.php?id=CVE-2025-11712
14 Oct 2025 — A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1979536 • CWE-116: Improper Encoding or Escaping of Output CWE-436: Interpretation Conflict •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-11708 – thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance()
https://notcve.org/view.php?id=CVE-2025-11708
14 Oct 2025 — Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, memory disclosure or cross-site scripting. For the oldstable distribution (bookworm), these problems have been fixed in version 140.4.0esr-1~deb12u1. For the stable distribution (trixie), these problems have ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1988931 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-11714 – thunderbird: firefox: Memory safety bugs
https://notcve.org/view.php?id=CVE-2025-11714
14 Oct 2025 — Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-11711 – thunderbird: firefox: Some non-writable Object properties could be modified
https://notcve.org/view.php?id=CVE-2025-11711
14 Oct 2025 — There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, memory disclosure or cross-site scripting. For the oldstable distribution (bookworm), these problems have been fixed in version 140... • https://bugzilla.mozilla.org/show_bug.cgi?id=1989978 • CWE-284: Improper Access Control CWE-591: Sensitive Data Storage in Improperly Locked Memory •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-11710 – thunderbird: firefox: Cross-process information leaked due to malicious IPC messages
https://notcve.org/view.php?id=CVE-2025-11710
14 Oct 2025 — A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, memory disclosure or cross-site scripting. For the oldstable distribution (b... • https://bugzilla.mozilla.org/show_bug.cgi?id=1989899 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •