ISHACK AI BOT

Red Hat: CVE-2025-0240: firefox: Compartment mismatch when parsing JavaScript JSON module (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/07/2025 Created 01/11/2025 Added 01/10/2025 Modified 02/06/2025 Description Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2025-0240 RHSA-2025:0080 RHSA-2025:0135 RHSA-2025:0137 RHSA-2025:0138 RHSA-2025:0144 RHSA-2025:0281 RHSA-2025:0284 View more

Ubuntu: USN-7191-1 (CVE-2025-0237): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/11/2025 Added 01/10/2025 Modified 01/15/2025 Description The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2025-0237 CVE - 2025-0237 USN-7191-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1915257 https://ubuntu.com/security/notices/USN-7191-1 https://www.cve.org/CVERecord?id=CVE-2025-0237 https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0237 https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0237 https://www.mozilla.org/security/advisories/mfsa2025-01/ https://www.mozilla.org/security/advisories/mfsa2025-02/ View more

MFSA2025-01 Firefox: Security Vulnerabilities fixed in Firefox 134 (CVE-2025-0243) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/09/2025 Added 01/08/2025 Modified 01/15/2025 Description Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) mozilla-firefox-upgrade-134_0 References https://attackerkb.com/topics/cve-2025-0243 CVE - 2025-0243 http://www.mozilla.org/security/announce/2025/mfsa2025-01.html

Gentoo Linux: CVE-2025-0237: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/25/2025 Added 01/24/2025 Modified 01/24/2025 Description The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2025-0237 CVE - 2025-0237 202501-10

MFSA2025-01 Firefox: Security Vulnerabilities fixed in Firefox 134 (CVE-2025-0239) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/09/2025 Added 01/08/2025 Modified 01/15/2025 Description When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) mozilla-firefox-upgrade-134_0 References https://attackerkb.com/topics/cve-2025-0239 CVE - 2025-0239 http://www.mozilla.org/security/announce/2025/mfsa2025-01.html

MFSA2025-01 Firefox: Security Vulnerabilities fixed in Firefox 134 (CVE-2025-0247) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/09/2025 Added 01/08/2025 Modified 01/13/2025 Description Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134. Solution(s) mozilla-firefox-upgrade-134_0 References https://attackerkb.com/topics/cve-2025-0247 CVE - 2025-0247 http://www.mozilla.org/security/announce/2025/mfsa2025-01.html

MFSA2025-01 Firefox: Security Vulnerabilities fixed in Firefox 134 (CVE-2025-0238) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/09/2025 Added 01/08/2025 Modified 01/15/2025 Description Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) mozilla-firefox-upgrade-134_0 References https://attackerkb.com/topics/cve-2025-0238 CVE - 2025-0238 http://www.mozilla.org/security/announce/2025/mfsa2025-01.html

MFSA2025-05 Thunderbird: Security Vulnerabilities fixed in Thunderbird ESR 128.6 (CVE-2025-0239) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/11/2025 Added 01/10/2025 Modified 02/14/2025 Description When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) mozilla-thunderbird-upgrade-128_6 References https://attackerkb.com/topics/cve-2025-0239 CVE - 2025-0239 http://www.mozilla.org/security/announce/2025/mfsa2025-05.html

Sonicwall SonicOS: CVE-2024-53706: Improper Privilege Management Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 01/07/2025 Created 01/29/2025 Added 01/28/2025 Modified 01/28/2025 Description A vulnerability in the Gen7 SonicOS Cloud platform NSv (AWS and Azure editions only), allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. Solution(s) sonicwall-sonicos-snwild-2025-0003 References https://attackerkb.com/topics/cve-2024-53706 CVE - 2024-53706 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

Debian: CVE-2025-0240: firefox-esr, thunderbird -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/11/2025 Added 01/10/2025 Modified 02/06/2025 Description Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2025-0240 CVE - 2025-0240 DSA-5839-1

Rocky Linux: CVE-2025-0237: firefox (RLSA-2025-0144) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/14/2025 Added 01/13/2025 Modified 01/15/2025 Description The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource References https://attackerkb.com/topics/cve-2025-0237 CVE - 2025-0237 https://errata.rockylinux.org/RLSA-2025:0144

Rocky Linux: CVE-2025-0239: firefox (RLSA-2025-0144) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/14/2025 Added 01/13/2025 Modified 01/15/2025 Description When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource References https://attackerkb.com/topics/cve-2025-0239 CVE - 2025-0239 https://errata.rockylinux.org/RLSA-2025:0144

MFSA2025-01 Firefox: Security Vulnerabilities fixed in Firefox 134 (CVE-2025-0237) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/09/2025 Added 01/08/2025 Modified 01/15/2025 Description The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) mozilla-firefox-upgrade-134_0 References https://attackerkb.com/topics/cve-2025-0237 CVE - 2025-0237 http://www.mozilla.org/security/announce/2025/mfsa2025-01.html

Gentoo Linux: CVE-2025-0242: Mozilla Firefox: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/25/2025 Added 01/24/2025 Modified 01/24/2025 Description Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) gentoo-linux-upgrade-www-client-firefox gentoo-linux-upgrade-www-client-firefox-bin References https://attackerkb.com/topics/cve-2025-0242 CVE - 2025-0242 202501-10

SUSE: CVE-2025-0242: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/11/2025 Added 01/10/2025 Modified 01/15/2025 Description Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2025-0242 CVE - 2025-0242

MFSA2025-03 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.19 (CVE-2025-0242) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/09/2025 Added 01/08/2025 Modified 01/15/2025 Description Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) mozilla-firefox-esr-upgrade-115_19 References https://attackerkb.com/topics/cve-2025-0242 CVE - 2025-0242 http://www.mozilla.org/security/announce/2025/mfsa2025-03.html

Oracle Linux: CVE-2025-0237: ELSA-2025-0080:firefox security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N) Published 01/07/2025 Created 01/14/2025 Added 01/10/2025 Modified 01/27/2025 Description The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox &lt; 134, Firefox ESR &lt; 128.6, Thunderbird &lt; 134, and Thunderbird ESR &lt; 128.6. A flaw was found in Firefox. The Mozilla Foundation&apos;s Security Advisory describes the following issue: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 References https://attackerkb.com/topics/cve-2025-0237 CVE - 2025-0237 ELSA-2025-0080 ELSA-2025-0144 ELSA-2025-0132

Ubuntu: USN-7191-1 (CVE-2025-0240): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/11/2025 Added 01/10/2025 Modified 02/06/2025 Description Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2025-0240 CVE - 2025-0240 USN-7191-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1929623 https://ubuntu.com/security/notices/USN-7191-1 https://www.cve.org/CVERecord?id=CVE-2025-0240 https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0240 https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0240 https://www.mozilla.org/security/advisories/mfsa2025-01/ https://www.mozilla.org/security/advisories/mfsa2025-02/ View more

SUSE: CVE-2025-0241: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/11/2025 Added 01/10/2025 Modified 01/15/2025 Description When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2025-0241 CVE - 2025-0241

Ubuntu: USN-7191-1 (CVE-2025-0243): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/11/2025 Added 01/10/2025 Modified 01/15/2025 Description Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2025-0243 CVE - 2025-0243 USN-7191-1 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1827142%2C1932783 https://ubuntu.com/security/notices/USN-7191-1 https://www.cve.org/CVERecord?id=CVE-2025-0243 https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/#CVE-2025-0243 https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/#CVE-2025-0243 https://www.mozilla.org/security/advisories/mfsa2025-01/ https://www.mozilla.org/security/advisories/mfsa2025-02/ View more

MFSA2025-05 Thunderbird: Security Vulnerabilities fixed in Thunderbird ESR 128.6 (CVE-2025-0241) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/11/2025 Added 01/10/2025 Modified 02/14/2025 Description When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) mozilla-thunderbird-upgrade-128_6 References https://attackerkb.com/topics/cve-2025-0241 CVE - 2025-0241 http://www.mozilla.org/security/announce/2025/mfsa2025-05.html

SUSE: CVE-2025-0238: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/11/2025 Added 01/10/2025 Modified 01/15/2025 Description Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozillafirefox-translations-other suse-upgrade-mozillathunderbird suse-upgrade-mozillathunderbird-translations-common suse-upgrade-mozillathunderbird-translations-other References https://attackerkb.com/topics/cve-2025-0238 CVE - 2025-0238

Alma Linux: CVE-2025-0238: Important: firefox security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/14/2025 Added 01/13/2025 Modified 01/15/2025 Description Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 References https://attackerkb.com/topics/cve-2025-0238 CVE - 2025-0238 https://errata.almalinux.org/8/ALSA-2025-0144.html https://errata.almalinux.org/9/ALSA-2025-0080.html

Ubuntu: USN-7228-1 (CVE-2024-12426): LibreOffice vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4. Solution(s) ubuntu-upgrade-libreoffice References https://attackerkb.com/topics/cve-2024-12426 CVE - 2024-12426 USN-7228-1

Alma Linux: CVE-2025-0242: Important: firefox security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 01/07/2025 Created 01/14/2025 Added 01/13/2025 Modified 01/15/2025 Description Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2025-0242 CVE - 2025-0242 https://errata.almalinux.org/8/ALSA-2025-0144.html https://errata.almalinux.org/8/ALSA-2025-0281.html https://errata.almalinux.org/9/ALSA-2025-0080.html https://errata.almalinux.org/9/ALSA-2025-0147.html