CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2025-8035 – firefox: thunderbird: Memory safety bugs
https://notcve.org/view.php?id=CVE-2025-8035
22 Jul 2025 — Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. A flaw was found in Firefox and Thunderbird. The Mozil... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975961%2C1975961%2C1975961 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2025-8034 – firefox: thunderbird: Memory safety bugs
https://notcve.org/view.php?id=CVE-2025-8034
22 Jul 2025 — Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. A flaw was f... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970422%2C1970422%2C1970422%2C1970422 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.4EPSS: 0%CPEs: 33EXPL: 0CVE-2025-8029 – firefox: thunderbird: javascript: URLs executed on object and embed tags
https://notcve.org/view.php?id=CVE-2025-8029
22 Jul 2025 — Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. Firefox executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. A flaw was found in Firefox and Thunderbird. • https://bugzilla.mozilla.org/show_bug.cgi?id=1928021 • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 9.3EPSS: 0%CPEs: 16EXPL: 45CVE-2025-32463 – Sudo chroot 1.9.17 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-32463
30 Jun 2025 — Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. A flaw was found in Sudo. This flaw allows a local attacker to escalate their privileges by tricking Sudo into loading an arbitrary shared library using the user-specified root directory via the `-R` (`--chroot`) option. An attacker can run arbitrary commands as root on systems that support `/etc/nsswitch.conf`. Rich Mirch discovered that Sudo incorrectl... • https://packetstorm.news/files/id/206210 • CWE-427: Uncontrolled Search Path Element CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2025-6430 – firefox: thunderbird: Content-Disposition header ignored when a file is included in an embed or object tag
https://notcve.org/view.php?id=CVE-2025-6430
24 Jun 2025 — When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a cross-site scripting attack. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12. When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1971140 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2025-6429 – firefox: thunderbird: Incorrect parsing of URLs could have allowed embedding of youtube.com
https://notcve.org/view.php?id=CVE-2025-6429
24 Jun 2025 — Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability affects Firefox < 140 and Firefox ESR < 128.12. Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricte... • https://bugzilla.mozilla.org/show_bug.cgi?id=1970658 • CWE-116: Improper Encoding or Escaping of Output CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 6.4EPSS: 0%CPEs: 31EXPL: 0CVE-2025-6425 – firefox: thunderbird: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID
https://notcve.org/view.php?id=CVE-2025-6425
24 Jun 2025 — An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1717672 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 5CVE-2025-6018 – Pam-config: lpe from unprivileged to allow_active in pam
https://notcve.org/view.php?id=CVE-2025-6018
18 Jun 2025 — A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized control over sy... • https://packetstorm.news/files/id/207433 • CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 25EXPL: 0CVE-2025-5263 – firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content
https://notcve.org/view.php?id=CVE-2025-5263
27 May 2025 — Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, and Firefox ESR < 128.11. Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11. A flaw was found in Firefox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1960745 • CWE-346: Origin Validation Error CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 10.0EPSS: 0%CPEs: 31EXPL: 0CVE-2025-3887 – GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-3887
30 Apr 2025 — GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 slice headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it ... • https://www.zerodayinitiative.com/advisories/ZDI-25-267 • CWE-121: Stack-based Buffer Overflow •