ALT-PU-2025-3294-4 — firefox-esr

BDU:2025-00073

CRITICAL9.8

Уязвимость функции sec_pkcs7_decoder_start_decrypt() браузера Mozilla Firefox и почтового клиента Thunderbird, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2025-01-06Modified: 2026-03-04

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2025-02309

HIGH8.8

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю оказывать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2025-03-05Modified: 2026-03-04

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2025-02310

CRITICAL9.8

Уязвимость компонента WebAssembly браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-03-05Modified: 2026-03-04

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2025-02311

MEDIUM6.5

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, связанная с ошибками синхронизации при использовании общего ресурса («Ситуация гонки»), позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2025-03-05Modified: 2026-03-04

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N

References

BDU:2025-02312

CRITICAL9.8

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, связанная с возможностью использования памяти после освобождения, позволяющая нарушителю оказывать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Published: 2025-03-05Modified: 2026-03-04

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2025-02313

CRITICAL9.8

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, связанная с возможностью использования памяти после освобождения, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-03-05Modified: 2026-03-04

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2025-02314

CRITICAL9.8

Уязвимость компонента Custom Highlight API браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2025-03-05Modified: 2026-03-04

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2025-02317

CRITICAL9.8

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, связанная с чтением за границами буфера в памяти, позволяющая нарушителю выполнить произвольный код

Published: 2025-03-05Modified: 2026-03-04

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

BDU:2025-12474

CRITICAL9.8

Уязвимость веб-браузеров Firefox и Firefox ESR, почтового клиента Thunderbird, связанная с записью за границами буфера, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Published: 2025-10-06Modified: 2026-03-04

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2025-1017

CVE-2024-11704

CRITICAL9.8

A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7.

Published: 2024-11-26Modified: 2025-11-03

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2025-1009

CRITICAL9.8

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04Modified: 2026-04-13

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2025-1010

HIGH8.8

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04Modified: 2026-04-13

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2025-1011

HIGH8.8

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04Modified: 2026-04-13

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2025-1012

HIGH7.5

A race during concurrent delazification could have led to a use-after-free. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04Modified: 2026-04-13

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2025-1013

MEDIUM6.5

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04Modified: 2026-04-13

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References

CVE-2025-1014

HIGH8.8

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04Modified: 2026-04-13

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2025-1016

CRITICAL9.8

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04Modified: 2026-04-13

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2025-1017

CRITICAL9.8

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Published: 2025-02-04Modified: 2026-04-13

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Package update firefox-esr in branch p10

Closed issues (18)

Уязвимость компонента WebAssembly браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Custom Highlight API браузеров Mozilla Firefox, Firefox ESR и почтового клиента Thunderbird, Thunderbird ESR, позволяющая нарушителю вызвать отказ в обслуживании

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

A race during concurrent delazification could have led to a use-after-free. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.