|
2471
|
7.8 |
HIGH
Local
|
mozilla
|
vpn
|
Una vulnerabilidad en Mozilla VPN para macOS permite la escalada de privilegios de un usuario normal a root. *Este error solo afecta a Mozilla VPN en macOS. Otros sistemas operativos no se ven afecta…
|
CWE-269
Improper Privilege Management
|
CVE-2025-5687
|
2026-04-14 00:17 |
2025-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2472
|
7.3 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited t…
|
CWE-787
Out-of-bounds Write
|
CVE-2025-5272
|
2026-04-14 00:17 |
2025-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2473
|
7.3 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Errores de seguridad de memoria presentes en Firefox 138 y Thunderbird 138. Algunos de estos errores mostraron evidencia de corrupción de memoria y presumimos que, con suficiente esfuerzo, algunos de…
|
CWE-787
Out-of-bounds Write
|
CVE-2025-5272
|
2026-04-14 00:17 |
2025-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2474
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and Thunderbird 139.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2025-5271
|
2026-04-14 00:17 |
2025-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2475
|
6.5 |
MEDIUM
Network
|
mozilla
|
firefox
|
La vista previa de una respuesta en DevTools ignoraba los encabezados CSP, lo que podría haber permitido ataques de inyección de contenido. Esta vulnerabilidad afecta a Firefox anterior a la versión …
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2025-5271
|
2026-04-14 00:17 |
2025-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2476
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
In certain cases, SNI could have been sent unencrypted even when encrypted DNS was enabled. This vulnerability was fixed in Firefox 139 and Thunderbird 139.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2025-5270
|
2026-04-14 00:17 |
2025-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2477
|
7.5 |
HIGH
Network
|
mozilla
|
firefox
|
En algunos casos, el SNI podría haberse enviado sin cifrar, incluso con el DNS cifrado habilitado. Esta vulnerabilidad afecta a Firefox (versión anterior a la 139).
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2025-5270
|
2026-04-14 00:17 |
2025-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2478
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arb…
|
CWE-787
Out-of-bounds Write
|
CVE-2025-5269
|
2026-04-14 00:17 |
2025-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2479
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Error de seguridad de memoria presente en Firefox ESR 128.10 y Thunderbird 128.10. Este error mostró evidencia de corrupción de memoria y presumimos que, con suficiente esfuerzo, podría haberse explo…
|
CWE-787
Out-of-bounds Write
|
CVE-2025-5269
|
2026-04-14 00:17 |
2025-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2480
|
8.1 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2025-5268
|
2026-04-14 00:17 |
2025-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
