Search CVE reports

281 – 290 of 3127 results

Detailed view

Sort by:

CVE-2025-11711

Medium priority

Some fixes available 1 of 11

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

CVE-2025-11710

Medium priority

Some fixes available 1 of 11

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29,...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

CVE-2025-11709

Medium priority

Some fixes available 1 of 11

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4,...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

CVE-2025-11708

Medium priority

Some fixes available 1 of 11

Use-after-free in MediaTrackGraphImpl::GetInstance(). This vulnerability was fixed in Firefox 144, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

CVE-2025-11153

Medium priority

Needs evaluation

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 143.0.3.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

CVE-2025-11152

Medium priority

Not affected

Sandbox escape due to integer overflow in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143.0.3.

2 affected packages

firefox, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not affected	—	—
thunderbird	—	Not affected	Not affected	—	—

CVE-2025-10537

Medium priority

Some fixes available 1 of 11

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

CVE-2025-10536

Medium priority

Some fixes available 1 of 11

Information disclosure in the Networking: Cache component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	Fixed	—	—
mozjs38	Not in release	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Not in release	Ignored	—	—
mozjs91	Not in release	Not in release	Ignored	—	—
mozjs102	Not in release	Ignored	Ignored	—	—
mozjs115	Not in release	Ignored	Not in release	—	—

CVE-2025-10535

Medium priority

Not affected

Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability was fixed in Firefox 143.

2 affected packages

firefox, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not affected	—	—
thunderbird	—	Not affected	Not affected	—	—

CVE-2025-10534

Medium priority

Not affected

Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143.

2 affected packages

firefox, thunderbird

Package	26.04 LTS	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	—	Not affected	Not affected	—	—
thunderbird	—	Not affected	Not affected	—	—

Export to JSON

Results by page: