Mozilla Products Multiple Vulnerabilities
Release Date: 30 Apr 2025
RISK: Medium Risk
TYPE: Clients - Browsers
Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger cross-site scripting, elevation of privilege, remote code execution, security restriction bypass and sensitive information disclosure on the targeted system.
Impact
- Elevation of Privilege
- Remote Code Execution
- Information Disclosure
- Security Restriction Bypass
- Cross-Site Scripting
System / Technologies affected
Versions prior to:
- Firefox 138
- Firefox ESR 115.23
- Firefox ESR 128.10
- Thunderbird 138
- Thunderbird ESR 128.10
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- Firefox 138
- Firefox ESR 115.23
- Firefox ESR 128.10
- Thunderbird 138
- Thunderbird ESR 128.10
Vulnerability Identifier
- CVE-2025-2817
- CVE-2025-4082
- CVE-2025-4083
- CVE-2025-4084
- CVE-2025-4085
- CVE-2025-4086
- CVE-2025-4087
- CVE-2025-4088
- CVE-2025-4089
- CVE-2025-4090
- CVE-2025-4091
- CVE-2025-4092
- CVE-2025-4093
Source
Related Link
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-30/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-31/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/
沒有留言:
發佈留言