Search CVE reports

21 – 30 of 464 results

Detailed view

Sort by:

CVE-2025-6432

Medium priority

Needs evaluation

When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability affects Firefox < 140 and Thunderbird < 140.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-6431

Medium priority

Needs evaluation

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-6430

Medium priority

Some fixes available 1 of 12

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a website vulnerable to a...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-6429

Medium priority

Some fixes available 1 of 12

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website security checks that restricted which domains users were...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-6428

Medium priority

Needs evaluation

When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-6427

Medium priority

Needs evaluation

An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-6426

Medium priority

Some fixes available 1 of 12

The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140,...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-6425

Medium priority

Some fixes available 1 of 12

An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles....

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-6424

Medium priority

Some fixes available 1 of 12

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-5283

Medium priority

Some fixes available 7 of 18

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

11 affected packages

chromium-browser, firefox, thunderbird, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
chromium-browser	Not affected	Not affected	Not in release	—
firefox	Not affected	Not affected	Not in release	—
thunderbird	Not affected	Not affected	Not in release	—
mozjs38	Not in release	Not in release	Not in release	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	Not in release	—
mozjs91	Not in release	Ignored	Not in release	—
mozjs102	Ignored	Ignored	Not in release	—
mozjs115	Ignored	Not in release	Not in release	—
libvpx	Fixed	Fixed	Fixed	Fixed

Export to JSON

Results by page: