CVE-2025-3032
published 2025-04-01CVE-2025-3032: Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox…
high7.4CVSS 3.1
AVNACHPRNUINSUCHIHAN
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 137.0-1 (sid) | firefox 137.0-1 (sid) |
| mozilla | firefox | < 137.0 | 137.0 |
| mozilla | firefox | — | — |
| mozilla | thunderbird | < 137.0 | 137.0 |
| mozilla | thunderbird | >= 0 < 1:140.7.1+build1-0ubuntu0.22.04.1 | 1:140.7.1+build1-0ubuntu0.22.04.1 |
CVSS provenance
nvdv3.17.4HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
osv7.4HIGH