CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-11716 – Sandboxed iframes allowed links to open in external apps (Android only)
https://notcve.org/view.php?id=CVE-2025-11716
14 Oct 2025 — Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144. These are all security issues fixed in the MozillaFirefox-144.0-1.1 package on the GA media of openSUSE Tumbleweed. • https://bugzilla.mozilla.org/show_bug.cgi?id=1818679 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-11715 – Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
https://notcve.org/view.php?id=CVE-2025-11715
14 Oct 2025 — Memory safety bugs present in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-11712 – An OBJECT tag type attribute overrode browser behavior on web resources without a content-type
https://notcve.org/view.php?id=CVE-2025-11712
14 Oct 2025 — A malicious page could have used the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This could have contributed to an XSS on a site that unsafely serves files without a content-type header. This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1979536 • CWE-116: Improper Encoding or Escaping of Output CWE-436: Interpretation Conflict •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-11708 – Use-after-free in MediaTrackGraphImpl::GetInstance()
https://notcve.org/view.php?id=CVE-2025-11708
14 Oct 2025 — Use-after-free in MediaTrackGraphImpl::GetInstance() This vulnerability affects Firefox < 144, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, memory disclosure or cross-site scripting. For the oldstable distribution (bookworm), these problems have been fixed in version 140.4.0esr-1~deb12u1. For the stable distribution (trixie), these problems have ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1988931 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-11714 – Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144
https://notcve.org/view.php?id=CVE-2025-11714
14 Oct 2025 — Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-11711 – Some non-writable Object properties could be modified
https://notcve.org/view.php?id=CVE-2025-11711
14 Oct 2025 — There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, memory disclosure or cross-site scripting. For the oldstable distribution (bookworm), these problems have been fixed in version 140... • https://bugzilla.mozilla.org/show_bug.cgi?id=1989978 • CWE-284: Improper Access Control CWE-591: Sensitive Data Storage in Improperly Locked Memory •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-11710 – Cross-process information leaked due to malicious IPC messages
https://notcve.org/view.php?id=CVE-2025-11710
14 Oct 2025 — A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, memory disclosure or cross-site scripting. For the oldstable distribution (b... • https://bugzilla.mozilla.org/show_bug.cgi?id=1989899 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-11709 – Out of bounds read/write in a privileged process triggered by WebGL textures
https://notcve.org/view.php?id=CVE-2025-11709
14 Oct 2025 — A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, memory disclosure or cross-site scripting. For the oldstable distribution (bookworm), these problem... • https://bugzilla.mozilla.org/show_bug.cgi?id=1989127 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-10534 – Spoofing issue in the Site Permissions component
https://notcve.org/view.php?id=CVE-2025-10534
16 Sep 2025 — This vulnerability affects Firefox < 143 and Thunderbird < 143. Spoofing issue in the Site Permissions component. This vulnerability affects Firefox < 143 and Thunderbird < 143. These are all security issues fixed in the MozillaFirefox-143.0-1.1 package on the GA media of openSUSE Tumbleweed. • https://bugzilla.mozilla.org/show_bug.cgi?id=1665334 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-10531 – Mitigation bypass in the Web Compatibility: Tooling component
https://notcve.org/view.php?id=CVE-2025-10531
16 Sep 2025 — This vulnerability affects Firefox < 143 and Thunderbird < 143. Mitigation bypass in the Web Compatibility: Tooling component. This vulnerability affects Firefox < 143 and Thunderbird < 143. These are all security issues fixed in the MozillaFirefox-143.0-1.1 package on the GA media of openSUSE Tumbleweed. • https://bugzilla.mozilla.org/show_bug.cgi?id=1978453 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •