Search CVE reports

1 – 10 of 345 results

Detailed view

Sort by:

CVE-2025-8044

Medium priority

Needs evaluation

Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8043

Medium priority

Needs evaluation

Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8040

Medium priority

Needs evaluation

Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8039

Medium priority

Needs evaluation

In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8038

Medium priority

Needs evaluation

Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8037

Medium priority

Needs evaluation

Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included the `Secure` attribute. This vulnerability affects Firefox < 141,...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8036

Medium priority

Needs evaluation

Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Not affected	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8035

Medium priority

Vulnerable

Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Vulnerable	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8034

Medium priority

Vulnerable

Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and...

9 affected packages

mozjs91, firefox, thunderbird, mozjs38, mozjs52...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
mozjs91	Not in release	Ignored	—	—
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Vulnerable	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

CVE-2025-8033

Medium priority

Vulnerable

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR <...

9 affected packages

firefox, thunderbird, mozjs38, mozjs52, mozjs68...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox	Not affected	Not affected	—	—
thunderbird	Not affected	Vulnerable	—	—
mozjs38	Not in release	Not in release	—	Needs evaluation
mozjs52	Not in release	Not in release	Ignored	Ignored
mozjs68	Not in release	Not in release	Ignored	—
mozjs78	Not in release	Ignored	—	—
mozjs91	Not in release	Ignored	—	—
mozjs102	Ignored	Ignored	—	—
mozjs115	Ignored	Not in release	—	—

Export to JSON

Results by page: