Vulnerability-Lookup

CVE-2025-11709 (GCVE-0-2025-11709)

Vulnerability from cvelistv5 – Published: 2025-10-14 12:27 – Updated: 2026-04-13 14:29

Title

Out of bounds read/write in a privileged process triggered by WebGL textures

Summary

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

mozilla

References

6 references

URL	Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=1989127
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…
https://www.mozilla.org/security/advisories/mfsa2…

Impacted products

2 products

Vendor	Product	Version
Mozilla	Firefox	Unaffected: 115.29 , ≤ 115.* (rpm) Unaffected: 140.4 , ≤ 140.* (rpm) Unaffected: 144 , ≤ * (rpm)
Mozilla	Thunderbird	Unaffected: 140.4 , ≤ 140.* (rpm) Unaffected: 144 , ≤ * (rpm)

Credits

Oskar L

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-11709",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-15T13:22:47.051044Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-15T13:31:10.048Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:31:46.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "115.*",
              "status": "unaffected",
              "version": "115.29",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.4",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "144",
              "versionType": "rpm"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThanOrEqual": "140.*",
              "status": "unaffected",
              "version": "140.4",
              "versionType": "rpm"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "144",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Oskar L"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4."
            }
          ],
          "value": "A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-13T14:29:18.098Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989127"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/"
        }
      ],
      "title": "Out of bounds read/write in a privileged process triggered by WebGL textures"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-11709",
    "datePublished": "2025-10-14T12:27:33.692Z",
    "dateReserved": "2025-10-13T19:49:59.923Z",
    "dateUpdated": "2026-04-13T14:29:18.098Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-11709",
      "date": "2026-05-25",
      "epss": "0.00106",
      "percentile": "0.28185"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-11709\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2025-10-14T13:15:37.093\",\"lastModified\":\"2026-04-13T15:16:39.383\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionEndExcluding\":\"115.29.0\",\"matchCriteriaId\":\"45205EB8-E615-4FE6-877C-231B4A29F86E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*\",\"versionEndExcluding\":\"144.0\",\"matchCriteriaId\":\"CEE2F6DA-4331-4D6D-B01B-610DFDBE1833\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*\",\"versionStartIncluding\":\"116.0\",\"versionEndExcluding\":\"140.4.0\",\"matchCriteriaId\":\"34B8F1CA-9F1A-4484-828E-4192CF1FEAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"144.0\",\"matchCriteriaId\":\"F7398846-C620-42AF-86CA-60C09184768A\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1989127\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-81/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-82/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-83/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-84/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-85/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T17:31:46.165Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-11709\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-15T13:22:47.051044Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-15T13:22:50.308Z\"}}], \"cna\": {\"title\": \"Out of bounds read/write in a privileged process triggered by WebGL textures\", \"credits\": [{\"lang\": \"en\", \"value\": \"Oskar L\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"115.29\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"115.*\"}, {\"status\": \"unaffected\", \"version\": \"140.4\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"140.*\"}, {\"status\": \"unaffected\", \"version\": \"144\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"*\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"140.4\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"140.*\"}, {\"status\": \"unaffected\", \"version\": \"144\", \"versionType\": \"rpm\", \"lessThanOrEqual\": \"*\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1989127\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-81/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-82/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-83/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-84/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-85/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2026-04-13T14:29:18.098Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-11709\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-13T14:29:18.098Z\", \"dateReserved\": \"2025-10-13T19:49:59.923Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2025-10-14T12:27:33.692Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2025-AVI-0873

Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mozilla	Firefox	Firefox versions antérieures à 144
Mozilla	Thunderbird	Thunderbird versions antérieures à 144
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.29
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 140.4
Mozilla	Thunderbird	Thunderbird versions antérieures à 140.4

References

Title

Publication Time

CERTFR-2025-AVI-0873

Vulnerability from certfr_avis - Published: 2025-10-15 - Updated: 2025-10-15

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mozilla	Firefox	Firefox versions antérieures à 144
Mozilla	Thunderbird	Thunderbird versions antérieures à 144
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 115.29
Mozilla	Firefox ESR	Firefox ESR versions antérieures à 140.4
Mozilla	Thunderbird	Thunderbird versions antérieures à 140.4

References

Title

Publication Time

alsa-2025:18154

Vulnerability from osv_almalinux

Published

2025-10-15 00:00

Modified

2025-10-20 12:30

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

thunderbird: firefox: Memory safety bugs (CVE-2025-11714)
thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)
thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)
thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)
thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)
thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)
thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:18154	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-11708	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11709	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11710	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11711	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11712	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11714	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11715	REPORT
	https://bugzilla.redhat.com/2403763	REPORT
	https://bugzilla.redhat.com/2403765	REPORT
	https://bugzilla.redhat.com/2403768	REPORT
	https://bugzilla.redhat.com/2403769	REPORT
	https://bugzilla.redhat.com/2403770	REPORT
	https://bugzilla.redhat.com/2403774	REPORT
	https://bugzilla.redhat.com/2403776	REPORT
	https://errata.almalinux.org/10/ALSA-2025-18154.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.4.0-3.el10_0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  \n\nSecurity Fix(es):  \n\n  * thunderbird: firefox: Memory safety bugs (CVE-2025-11714)\n  * thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)\n  * thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)\n  * thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)\n  * thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)\n  * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)\n  * thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:18154",
  "modified": "2025-10-20T12:30:08Z",
  "published": "2025-10-15T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:18154"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11708"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11709"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11710"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11711"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11712"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11714"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11715"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403763"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403765"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403768"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403769"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403770"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403774"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403776"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2025-18154.html"
    }
  ],
  "related": [
    "CVE-2025-11714",
    "CVE-2025-11709",
    "CVE-2025-11710",
    "CVE-2025-11708",
    "CVE-2025-11712",
    "CVE-2025-11715",
    "CVE-2025-11711"
  ],
  "summary": "Important: firefox security update"
}

alsa-2025:18155

Vulnerability from osv_almalinux

Published

2025-10-15 00:00

Modified

2025-10-20 12:31

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

thunderbird: firefox: Memory safety bugs (CVE-2025-11714)
thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)
thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)
thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)
thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)
thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)
thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:18155	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-11708	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11709	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11710	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11711	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11712	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11714	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11715	REPORT
	https://bugzilla.redhat.com/2403763	REPORT
	https://bugzilla.redhat.com/2403765	REPORT
	https://bugzilla.redhat.com/2403768	REPORT
	https://bugzilla.redhat.com/2403769	REPORT
	https://bugzilla.redhat.com/2403770	REPORT
	https://bugzilla.redhat.com/2403774	REPORT
	https://bugzilla.redhat.com/2403776	REPORT
	https://errata.almalinux.org/9/ALSA-2025-18155.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.4.0-3.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "firefox-x11"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.4.0-3.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  \n\nSecurity Fix(es):  \n\n  * thunderbird: firefox: Memory safety bugs (CVE-2025-11714)\n  * thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)\n  * thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)\n  * thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)\n  * thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)\n  * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)\n  * thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:18155",
  "modified": "2025-10-20T12:31:42Z",
  "published": "2025-10-15T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:18155"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11708"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11709"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11710"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11711"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11712"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11714"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11715"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403763"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403765"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403768"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403769"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403770"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403774"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403776"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-18155.html"
    }
  ],
  "related": [
    "CVE-2025-11714",
    "CVE-2025-11709",
    "CVE-2025-11710",
    "CVE-2025-11708",
    "CVE-2025-11712",
    "CVE-2025-11715",
    "CVE-2025-11711"
  ],
  "summary": "Important: firefox security update"
}

alsa-2025:18285

Vulnerability from osv_almalinux

Published

2025-10-20 00:00

Modified

2025-10-20 11:50

Summary

Important: firefox security update

Details

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

thunderbird: firefox: Memory safety bugs (CVE-2025-11714)
thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)
thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)
thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)
thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)
thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)
thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:18285	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-11708	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11709	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11710	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11711	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11712	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11714	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11715	REPORT
	https://bugzilla.redhat.com/2403763	REPORT
	https://bugzilla.redhat.com/2403765	REPORT
	https://bugzilla.redhat.com/2403768	REPORT
	https://bugzilla.redhat.com/2403769	REPORT
	https://bugzilla.redhat.com/2403770	REPORT
	https://bugzilla.redhat.com/2403774	REPORT
	https://bugzilla.redhat.com/2403776	REPORT
	https://errata.almalinux.org/8/ALSA-2025-18285.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "firefox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.4.0-3.el8_10.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.  \n\nSecurity Fix(es):  \n\n  * thunderbird: firefox: Memory safety bugs (CVE-2025-11714)\n  * thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)\n  * thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)\n  * thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)\n  * thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)\n  * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)\n  * thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:18285",
  "modified": "2025-10-20T11:50:28Z",
  "published": "2025-10-20T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:18285"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11708"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11709"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11710"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11711"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11712"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11714"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11715"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403763"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403765"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403768"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403769"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403770"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403774"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403776"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-18285.html"
    }
  ],
  "related": [
    "CVE-2025-11714",
    "CVE-2025-11709",
    "CVE-2025-11710",
    "CVE-2025-11708",
    "CVE-2025-11712",
    "CVE-2025-11715",
    "CVE-2025-11711"
  ],
  "summary": "Important: firefox security update"
}

alsa-2025:18320

Vulnerability from osv_almalinux

Published

2025-10-20 00:00

Modified

2025-10-22 10:33

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

thunderbird: firefox: Memory safety bugs (CVE-2025-11714)
thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)
thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)
thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)
thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)
thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)
thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:18320	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-11708	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11709	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11710	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11711	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11712	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11714	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11715	REPORT
	https://bugzilla.redhat.com/2403763	REPORT
	https://bugzilla.redhat.com/2403765	REPORT
	https://bugzilla.redhat.com/2403768	REPORT
	https://bugzilla.redhat.com/2403769	REPORT
	https://bugzilla.redhat.com/2403770	REPORT
	https://bugzilla.redhat.com/2403774	REPORT
	https://bugzilla.redhat.com/2403776	REPORT
	https://errata.almalinux.org/10/ALSA-2025-18320.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.4.0-2.el10_0.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.  \n\nSecurity Fix(es):  \n\n  * thunderbird: firefox: Memory safety bugs (CVE-2025-11714)\n  * thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)\n  * thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)\n  * thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)\n  * thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)\n  * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)\n  * thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:18320",
  "modified": "2025-10-22T10:33:35Z",
  "published": "2025-10-20T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:18320"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11708"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11709"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11710"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11711"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11712"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11714"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11715"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403763"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403765"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403768"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403769"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403770"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403774"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403776"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2025-18320.html"
    }
  ],
  "related": [
    "CVE-2025-11714",
    "CVE-2025-11709",
    "CVE-2025-11710",
    "CVE-2025-11708",
    "CVE-2025-11712",
    "CVE-2025-11715",
    "CVE-2025-11711"
  ],
  "summary": "Important: thunderbird security update"
}

alsa-2025:18321

Vulnerability from osv_almalinux

Published

2025-10-20 00:00

Modified

2025-10-22 10:38

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

thunderbird: firefox: Memory safety bugs (CVE-2025-11714)
thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)
thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)
thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)
thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)
thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)
thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:18321	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-11708	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11709	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11710	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11711	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11712	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11714	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11715	REPORT
	https://bugzilla.redhat.com/2403763	REPORT
	https://bugzilla.redhat.com/2403765	REPORT
	https://bugzilla.redhat.com/2403768	REPORT
	https://bugzilla.redhat.com/2403769	REPORT
	https://bugzilla.redhat.com/2403770	REPORT
	https://bugzilla.redhat.com/2403774	REPORT
	https://bugzilla.redhat.com/2403776	REPORT
	https://errata.almalinux.org/9/ALSA-2025-18321.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.4.0-2.el9_6.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.  \n\nSecurity Fix(es):  \n\n  * thunderbird: firefox: Memory safety bugs (CVE-2025-11714)\n  * thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)\n  * thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)\n  * thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)\n  * thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)\n  * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)\n  * thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:18321",
  "modified": "2025-10-22T10:38:17Z",
  "published": "2025-10-20T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:18321"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11708"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11709"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11710"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11711"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11712"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11714"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11715"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403763"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403765"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403768"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403769"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403770"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403774"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403776"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-18321.html"
    }
  ],
  "related": [
    "CVE-2025-11714",
    "CVE-2025-11709",
    "CVE-2025-11710",
    "CVE-2025-11708",
    "CVE-2025-11712",
    "CVE-2025-11715",
    "CVE-2025-11711"
  ],
  "summary": "Important: thunderbird security update"
}

alsa-2025:18983

Vulnerability from osv_almalinux

Published

2025-10-22 00:00

Modified

2025-10-27 08:16

Summary

Important: thunderbird security update

Details

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

thunderbird: firefox: Memory safety bugs (CVE-2025-11714)
thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)
thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)
thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)
thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)
thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)
thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2025:18983	ADVISORY
	https://access.redhat.com/security/cve/CVE-2025-11708	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11709	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11710	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11711	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11712	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11714	REPORT
	https://access.redhat.com/security/cve/CVE-2025-11715	REPORT
	https://bugzilla.redhat.com/2403763	REPORT
	https://bugzilla.redhat.com/2403765	REPORT
	https://bugzilla.redhat.com/2403768	REPORT
	https://bugzilla.redhat.com/2403769	REPORT
	https://bugzilla.redhat.com/2403770	REPORT
	https://bugzilla.redhat.com/2403774	REPORT
	https://bugzilla.redhat.com/2403776	REPORT
	https://errata.almalinux.org/8/ALSA-2025-18983.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "thunderbird"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "140.4.0-2.el8_10.alma.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Mozilla Thunderbird is a standalone mail and newsgroup client.  \n\nSecurity Fix(es):  \n\n  * thunderbird: firefox: Memory safety bugs (CVE-2025-11714)\n  * thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures (CVE-2025-11709)\n  * thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (CVE-2025-11710)\n  * thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance() (CVE-2025-11708)\n  * thunderbird: firefox: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type (CVE-2025-11712)\n  * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 (CVE-2025-11715)\n  * thunderbird: firefox: Some non-writable Object properties could be modified (CVE-2025-11711)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:18983",
  "modified": "2025-10-27T08:16:53Z",
  "published": "2025-10-22T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:18983"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11708"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11709"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11710"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11711"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11712"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11714"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-11715"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403763"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403765"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403768"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403769"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403770"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403774"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403776"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-18983.html"
    }
  ],
  "related": [
    "CVE-2025-11714",
    "CVE-2025-11709",
    "CVE-2025-11710",
    "CVE-2025-11708",
    "CVE-2025-11712",
    "CVE-2025-11715",
    "CVE-2025-11711"
  ],
  "summary": "Important: thunderbird security update"
}

CNVD-2025-24625

Vulnerability from cnvd - Published: 2025-10-23

Title

多款Mozilla产品越界写入漏洞（CNVD-2025-24625）

Description

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。Mozilla Firefox ESR是Firefox（Web浏览器）的一个延长支持版本。Mozilla Thunderbird是电子邮件客户端软件，支持IMAP、POP邮件协议以及HTML邮件格式。多款Mozilla产品存在越界写入漏洞，攻击者可利用该漏洞执行任意代码或导致拒绝服务。

Severity

高

Patch Name

多款Mozilla产品越界写入漏洞（CNVD-2025-24625）的补丁

Patch Description

Formal description

厂商已提供漏洞修复方案，请关注厂商主页更新： https://bugzilla.mozilla.org/show_bug.cgi?id=1989127

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1989127

Impacted products

Name
['Mozilla Firefox <144', 'Mozilla Firefox ESR <115.29', 'Mozilla Firefox ESR <140.4', 'Mozilla Thunderbird <140.4']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-11709",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-11709"
    }
  },
  "description": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox\uff08Web\u6d4f\u89c8\u5668\uff09\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\uff0c\u652f\u6301IMAP\u3001POP\u90ae\u4ef6\u534f\u8bae\u4ee5\u53caHTML\u90ae\u4ef6\u683c\u5f0f\u3002\n\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1989127",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-24625",
  "openTime": "2025-10-23",
  "patchDescription": "Mozilla Firefox\u662f\u7f8e\u56fdMozilla\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90Web\u6d4f\u89c8\u5668\u3002Mozilla Firefox ESR\u662fFirefox\uff08Web\u6d4f\u89c8\u5668\uff09\u7684\u4e00\u4e2a\u5ef6\u957f\u652f\u6301\u7248\u672c\u3002Mozilla Thunderbird\u662f\u7535\u5b50\u90ae\u4ef6\u5ba2\u6237\u7aef\u8f6f\u4ef6\uff0c\u652f\u6301IMAP\u3001POP\u90ae\u4ef6\u534f\u8bae\u4ee5\u53caHTML\u90ae\u4ef6\u683c\u5f0f\u3002\r\n\r\n\u591a\u6b3eMozilla\u4ea7\u54c1\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u6216\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eMozilla\u4ea7\u54c1\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff08CNVD-2025-24625\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mozilla Firefox \u003c144",
      "Mozilla Firefox ESR \u003c115.29",
      "Mozilla Firefox ESR \u003c140.4",
      "Mozilla Thunderbird \u003c140.4"
    ]
  },
  "referenceLink": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989127",
  "serverity": "\u9ad8",
  "submitTime": "2025-10-17",
  "title": "\u591a\u6b3eMozilla\u4ea7\u54c1\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff08CNVD-2025-24625\uff09"
}

FKIE_CVE-2025-11709

Vulnerability from fkie_nvd - Published: 2025-10-14 13:15 - Updated: 2026-04-13 15:16

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1989127	Issue Tracking, Permissions Required
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-81/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-82/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-83/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-84/	Vendor Advisory
security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-85/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox	*
mozilla	firefox	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
              "matchCriteriaId": "45205EB8-E615-4FE6-877C-231B4A29F86E",
              "versionEndExcluding": "115.29.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "CEE2F6DA-4331-4D6D-B01B-610DFDBE1833",
              "versionEndExcluding": "144.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
              "matchCriteriaId": "34B8F1CA-9F1A-4484-828E-4192CF1FEAFC",
              "versionEndExcluding": "140.4.0",
              "versionStartIncluding": "116.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7398846-C620-42AF-86CA-60C09184768A",
              "versionEndExcluding": "144.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4."
    }
  ],
  "id": "CVE-2025-11709",
  "lastModified": "2026-04-13T15:16:39.383",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-14T13:15:37.093",
  "references": [
    {
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Permissions Required"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1989127"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-81/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-82/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-83/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-84/"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-85/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-11709 (GCVE-0-2025-11709)

Solutions

Solutions

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature