 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.2.1.2025.01 |
| Category: | General |
| Title: | Mozilla Firefox Security Advisory (MFSA2025-01) - Linux |
| Summary: | This host is missing a security update for Mozilla Firefox. |
| Description: | Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: CVE-2025-0237: WebChannel APIs susceptible to confused deputy attack The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. CVE-2025-0238: Use-after-free when breaking lines in text Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. CVE-2025-0239: Alt-Svc ALPN validation failure when redirected When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. CVE-2025-0240: Compartment mismatch when parsing JavaScript JSON module Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. CVE-2025-0241: Memory corruption when using JavaScript Text Segmentation When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. CVE-2025-0242: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. CVE-2025-0243: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. CVE-2025-0247: Memory safety bugs fixed in Firefox 134 and Thunderbird 134 Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: Firefox version(s) below 134. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2025-0237 Common Vulnerability Exposure (CVE) ID: CVE-2025-0238 Common Vulnerability Exposure (CVE) ID: CVE-2025-0239 Common Vulnerability Exposure (CVE) ID: CVE-2025-0240 Common Vulnerability Exposure (CVE) ID: CVE-2025-0241 Common Vulnerability Exposure (CVE) ID: CVE-2025-0242 Common Vulnerability Exposure (CVE) ID: CVE-2025-0243 Common Vulnerability Exposure (CVE) ID: CVE-2025-0247 |
| Copyright | Copyright (C) 2025 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |