Debian Firefox vulnerabilities

1,810 known vulnerabilities affecting debian/firefox.

Total CVEs: 1,810
CISA KEV (actively exploited): 11
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302

Vulnerabilities

CVE-2025-4090 | LOW | CVSS 5.3 | 2025
[MEDIUM] firefox - A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138. Scope: local. sid: resolved.
debian
CVE-2025-4086 | LOW | CVSS 6.5 | 2025
[MEDIUM] firefox - A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138 and Thunderbird < 138. Scope: local. sid: resolved.
debian
CVE-2025-0244 | LOW | CVSS 5.3 | 2025
[MEDIUM] firefox - When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134. Scope: local. sid: resolved.
debian
CVE-2025-23109 | LOW | CVSS 6.5 | 2025
[MEDIUM] firefox - Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address. This vulnerability affects Firefox for iOS < 134. Scope: local. sid: resolved.
debian
CVE-2025-0245 | LOW | CVSS 3.3 | 2025
[LOW] firefox - Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed. This vulnerability affects Firefox < 134. Scope: local. sid: resolved.
debian
CVE-2025-1939 | LOW | CVSS 3.9 | 2025
[LOW] firefox - Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136. Scope: local. sid: resolved.
debian
CVE-2025-10859 | LOW | CVSS 4.0 | 2025
[MEDIUM] firefox - Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability affects Firefox for iOS < 143.1. Scope: local. sid: resolved.
debian
CVE-2025-5265 | LOW | CVSS 4.8 | 2025
[MEDIUM] firefox - Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Windows. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox
debian
CVE-2025-9186 | LOW | CVSS 6.5 | 2025
[MEDIUM] firefox - Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability affects Firefox < 142. Scope: local. sid: resolved.
debian
CVE-2025-11720 | LOW | CVSS 8.1 | 2025
[HIGH] firefox - The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability affects Firefox < 144. Scope: local. sid: resolved.
debian
CVE-2025-11716 | LOW | CVSS 6.5 | 2025
[MEDIUM] firefox - Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox < 144 and Thunderbird < 144. Scope: local. sid: resolved.
debian
CVE-2025-1941 | LOW | CVSS 3.3 | 2025
[LOW] firefox - Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136. Scope: local. sid: resolved.
debian
CVE-2025-3033 | LOW | CVSS 7.7 | 2025
[HIGH] firefox - After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunderbird < 137. Scope: local. sid: resolved.
debian
CVE-2025-6426 | LOW | CVSS 8.8 | 2025
[HIGH] firefox - The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12. Scope: local. sid: resolved.
debian
CVE-2025-14744 | LOW | CVSS 6.5 | 2025
[MEDIUM] firefox - Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS < 144.0. Scope: local. sid: resolved.
debian
CVE-2025-0246 | LOW | CVSS 5.3 | 2025
[MEDIUM] firefox - When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244.* This vulnerability affects Firefox < 134. Scope: local. sid: resolved.
debian
CVE-2025-1940 | LOW | CVSS 7.1 | 2025
[HIGH] firefox - A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user into launching an external app unexpectedly. *This issue only affects Android versions of Firefox.* This vulnerability affects Firefox < 136. Scope: local. sid: resolved.
debian
CVE-2025-4082 | LOW | CVSS 5.9 | 2025
[MEDIUM] firefox - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138
debian
CVE-2025-5020 | LOW | CVSS 4.3 | 2025
[MEDIUM] firefox - Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability affects Firefox for iOS < 139. Scope: local. sid: resolved.
debian
CVE-2025-1930 | LOW | CVSS 8.8 | 2025
[HIGH] firefox - On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. Scope: local. sid: resolved.
debian