CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2025-55031
https://notcve.org/view.php?id=CVE-2025-55031
19 Aug 2025 — Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. ... This vulnerability affects Firefox for iOS < 142 and Focus for iOS < 142. • https://bugzilla.mozilla.org/show_bug.cgi?id=1979499 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-54145
https://notcve.org/view.php?id=CVE-2025-54145
19 Aug 2025 — The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme This vulnerability affects Firefox for iOS < 141. • https://bugzilla.mozilla.org/show_bug.cgi?id=1946122 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-54143
https://notcve.org/view.php?id=CVE-2025-54143
19 Aug 2025 — Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS < 141. • https://bugzilla.mozilla.org/show_bug.cgi?id=1912671 • CWE-693: Protection Mechanism Failure •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-9187 – SUSE Security Advisory - SUSE-SU-2025:03008-1
https://notcve.org/view.php?id=CVE-2025-9187
19 Aug 2025 — Memory safety bugs present in Firefox 141 and Thunderbird 141. ... This vulnerability affects Firefox < 142 and Thunderbird < 142. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1825621%2C1970079%2C1976736%2C1979072 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.4EPSS: 0%CPEs: 9EXPL: 0CVE-2025-9180 – thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component
https://notcve.org/view.php?id=CVE-2025-9180
19 Aug 2025 — This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. A flaw was found in Thunderbird and Firefox. ... Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1979782 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2025-9179 – thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component
https://notcve.org/view.php?id=CVE-2025-9179
19 Aug 2025 — This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. A flaw was found in Thunderbird and Firefox. ... Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape or bypass of the same-origin policy. • https://bugzilla.mozilla.org/show_bug.cgi?id=1979527 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2025-8042 – openSUSE Security Advisory - openSUSE-SU-2025:15386-1
https://notcve.org/view.php?id=CVE-2025-8042
27 Jul 2025 — Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability affects Firefox < 141. • https://bugzilla.mozilla.org/show_bug.cgi?id=1791322 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-8044 – openSUSE Security Advisory - openSUSE-SU-2025:15386-1
https://notcve.org/view.php?id=CVE-2025-8044
22 Jul 2025 — Memory safety bugs present in Firefox 140 and Thunderbird 140. ... This vulnerability affects Firefox < 141 and Thunderbird < 141. • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1933572%2C1971116 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-8043 – openSUSE Security Advisory - openSUSE-SU-2025:15386-1
https://notcve.org/view.php?id=CVE-2025-8043
22 Jul 2025 — This vulnerability affects Firefox < 141 and Thunderbird < 141. • https://bugzilla.mozilla.org/show_bug.cgi?id=1970209 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2025-8035 – firefox: thunderbird: Memory safety bugs
https://notcve.org/view.php?id=CVE-2025-8035
22 Jul 2025 — Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. ... This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox... • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975961%2C1975961%2C1975961 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •