Debian Firefox-Esr vulnerabilities
1,071 known vulnerabilities affecting debian/firefox-esr.
Total CVEs: 1,071
CISA KEV: 11 (actively exploited)
Public exploits: 23
Exploited in wild: 15
Severity breakdown: CRITICAL 236, HIGH 418, MEDIUM 292, LOW 125
Vulnerabilities
Page 6 of 54
CVE-2025-6424 [CRITICAL] CVSS 9.8 - fixed in firefox 140.0-1 (sid) - 2025
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
Scope: local
sid: resolved (fixed in 140.0-1)
CVE-2025-14321 [CRITICAL] CVSS 9.8 - fixed in firefox 146.0-1 (sid) - 2025
Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Scope: local
sid: resolved (fixed in 146.0-1)
CVE-2025-11709 [CRITICAL] CVSS 9.8 - fixed in firefox 144.0-1 (sid) - 2025
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
Scope: local
sid: resolved (fixed in 144.0-1)
CVE-2025-1017 [CRITICAL] CVSS 9.8 - fixed in firefox 135.0-1 (sid) - 2025
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
CVE-2025-8031 [CRITICAL] CVSS 9.8 - fixed in firefox 141.0-1 (sid) - 2025
The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Scope: local
sid: resolved (fixed in 141.0-1)
CVE-2025-0241 [HIGH] CVSS 7.7 - fixed in firefox 134.0-1 (sid) - 2025
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
Scope: local
sid: resolved (fixed in 134.0-1)
CVE-2025-4093 [HIGH] CVSS 8.1 - fixed in firefox-esr 128.10.0esr-1~deb12u1 (bookworm) - 2025
Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird < 128.10.
Scope: local
bookworm: resolved (fixed in 128.10.0esr-1~deb12u1)
bullseye: resolve
CVE-2025-10533 [HIGH] CVSS 8.8 - fixed in firefox 143.0-1 (sid) - 2025
Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
Scope: local
sid: resolved (fixed in 143.0-1)
CVE-2025-59375 [HIGH] CVSS 7.5 - fixed in expat 2.7.2-1 (forky) - 2025
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2.7.2-1)
sid: resolved (fixed in 2.7.2-1)
trixie: open
CVE-2025-8030 [HIGH] CVSS 8.1 - fixed in firefox 141.0-1 (sid) - 2025
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Scope: local
sid: resolved (fixed in 141.0-1)
CVE-2025-14322 [HIGH] CVSS 8.0 - fixed in firefox 146.0-1 (sid) - 2025
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Scope: local
sid: resolved (fixed in 146.0-1)
CVE-2025-4919 [HIGH] CVSS 8.8 - fixed in firefox 138.0.4-1 (sid) - 2025
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
Scope: local
sid: resolved (fixed in 138.0.4-1)
CVE-2025-5268 [HIGH] CVSS 8.1 - fixed in firefox 139.0-1 (sid) - 2025
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
CVE-2025-3029 [HIGH] CVSS 7.3 - fixed in firefox 137.0-1 (sid) - 2025
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.
Scope: local
sid: resolved (fixed in 137.0-1)
CVE-2025-8035 [HIGH] CVSS 8.8 - fixed in firefox 141.0-1 (sid) - 2025
Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13,
CVE-2025-13017 [HIGH] CVSS 8.1 - fixed in firefox 145.0-1 (sid) - 2025
Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
Scope: local
sid: resolved (fixed in 145.0-1)
CVE-2025-10528 [HIGH] CVSS 7.3 - fixed in firefox 143.0-1 (sid) - 2025
Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
Scope: local
sid: resolved (fixed in 143.0-1)
CVE-2025-13019 [HIGH] CVSS 8.1 - fixed in firefox 145.0-1 (sid) - 2025
Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
Scope: local
sid: resolved (fixed in 145.0-1)
CVE-2025-1932 [HIGH] CVSS 8.1 - fixed in firefox 136.0-1 (sid) - 2025
An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Scope: local
sid: resolved (fixed in 136.0-1)
CVE-2025-10537 [HIGH] CVSS 8.8 - fixed in firefox 143.0-1 (sid) - 2025
Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3