CVE-2025-0237: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal…

CVE-2025-8031 Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Instructions: In general, a standard system update will make all the necessary changes.

CVE-2025-0240 [MEDIUM] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2025-0237, CVE-2025-0239, CVE-2025-0240, CVE-2025-0242, CVE-2025-0243, CVE-2025-0247) Irvan Kurniawan discovered that Firefox incorrectly handled memory when breaking lines in text, leading to a use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2025-0238) Nils Bars discovered that Firefox incorrectly handled memory when using JavaScript Text Segm

CVE-2025-0237 [MEDIUM] CWE-441 firefox: thunderbird: WebChannel APIs susceptible to confused deputy attack firefox: thunderbird: WebChannel APIs susceptible to confused deputy attack The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. Statement: Red Hat Product Security rates the severity of this flaw as

CVE-2025-0237 [MEDIUM] CVE-2025-0237: firefox - The WebChannel API, which is used to transport various information across proces... The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. Scope: local sid: resolved (fixed in 134.0-1)

CVE-2025-0237 [MEDIUM] Mozilla Foundation Security Advisory 2025-01: CVE-2025-0237 Mozilla Foundation Security Advisory 2025-01 CVE: CVE-2025-0237 Product: Firefox Impact: high Fixed in: Firefox 134

CVE-2025-0237 [MEDIUM] Mozilla Foundation Security Advisory 2025-02: CVE-2025-0237 Mozilla Foundation Security Advisory 2025-02 CVE: CVE-2025-0237 Product: Firefox ESR Impact: moderate Fixed in: Firefox ESR 128.6

CVE-2025-0237 [MEDIUM] Mozilla Foundation Security Advisory 2025-05: CVE-2025-0237 Mozilla Foundation Security Advisory 2025-05 CVE: CVE-2025-0237 Product: Thunderbird Impact: moderate Fixed in: Thunderbird 128.6

CVE-2025-0237 [MEDIUM] Mozilla Foundation Security Advisory 2025-04: CVE-2025-0237 Mozilla Foundation Security Advisory 2025-04 CVE: CVE-2025-0237 Product: Thunderbird Impact: high Fixed in: Thunderbird 134

CVE-2025-0237 [MEDIUM] Mozilla Firefox up to 133.x WebChannel API authorization (Nessus ID 213532) A vulnerability labeled as problematic has been found in Mozilla Firefox up to 133.x. Affected is an unknown function of the component WebChannel API. Executing a manipulation can lead to incorrect authorization. This vulnerability appears as CVE-2025-0237. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

CVE-2025-0237 [MEDIUM] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2025-0237, CVE-2025-0239, CVE-2025-0240, CVE-2025-0242, CVE-2025-0243, CVE-2025-0247) Irvan Kurniawan discovered that Firefox incorrectly handled memory when breaking lines in text, leading to a use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2025-0238) Nils Bars discovered that Firefox incorrectly handled memory when using JavaScript Text Segmentation. An attacker could possibly use this issue to cause a d

CVE-2025-0237 [MEDIUM] CWE-863 GHSA-2776-h8x3-vrr7: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the princ The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6.

CVE-2025-0237 [MEDIUM] CVE-2025-0237: The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the princ The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.