|
2401
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Omisión de política de mismo origen en el componente Gráficos: Canvas2D. Esta vulnerabilidad afecta a Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thund…
|
CWE-346
Origin Validation Error
|
CVE-2025-9180
|
2026-04-14 00:17 |
2025-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2402
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the con…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2025-9179
|
2026-04-14 00:17 |
2025-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2403
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Un atacante logró corromper la memoria en el proceso GMP, que procesa medios cifrados. Este proceso también está fuertemente protegido, pero sus privilegios son ligeramente diferentes a los del proce…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2025-9179
|
2026-04-14 00:17 |
2025-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2404
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
A crafted URL using a blob: URI could have hidden the true origin of the page, resulting in a potential spoofing attack.
*Note: This issue only affected Android operating systems. Other operating sys…
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2025-8364
|
2026-04-14 00:17 |
2025-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2405
|
4.3 |
MEDIUM
Network
|
mozilla
|
firefox
|
Una URL manipulada con un blob: URI podría haber ocultado el verdadero origen de la página, lo que podría provocar un ataque de suplantación de identidad. *Nota: Este problema solo afecta a los siste…
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2025-8364
|
2026-04-14 00:17 |
2025-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2406
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited t…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2025-8044
|
2026-04-14 00:17 |
2025-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2407
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Errores de seguridad de memoria presentes en Firefox 140 y Thunderbird 140. Algunos de estos errores mostraron evidencia de corrupción de memoria y presumimos que, con el esfuerzo suficiente, algunos…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2025-8044
|
2026-04-14 00:17 |
2025-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2408
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141.
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2025-8043
|
2026-04-14 00:17 |
2025-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2409
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
thunderbird
|
Las URL truncadas se enfocan incorrectamente al principio en lugar de alrededor del origen. Esta vulnerabilidad afecta a Firefox (versión anterior a la 141) y Thunderbird (versión anterior a la 141).
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2025-8043
|
2026-04-14 00:17 |
2025-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2410
|
9.8 |
CRITICAL
Network
|
mozilla
|
firefox
|
Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability was fixed in Firefox 141.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2025-8042
|
2026-04-14 00:17 |
2025-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
