Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown: CRITICAL 333, HIGH 633, MEDIUM 542, LOW 302
Vulnerabilities
CVE-2025-8031 | CRITICAL | CVSS 9.8 | fixed in firefox 141.0-1 (sid) | 2025
The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Scope: local
sid: resolved (fixed in 141.0-1)
debian
CVE-2025-0241 | HIGH | CVSS 7.7 | fixed in firefox 134.0-1 (sid) | 2025
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
Scope: local
sid: resolved (fixed in 134.0-1)
debian
CVE-2025-9184 | HIGH | CVSS 8.1 | fixed in firefox 142.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
debian
CVE-2025-10533 | HIGH | CVSS 8.8 | fixed in firefox 143.0-1 (sid) | 2025
Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
Scope: local
sid: resolved (fixed in 143.0-1)
debian
CVE-2025-9182 | HIGH | CVSS 7.5 | fixed in firefox 142.0-1 (sid) | 2025
Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability affects Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2.
Scope: local
sid: resolved (fixed in 142.0-1)
debian
CVE-2025-6435 | HIGH | CVSS 8.1 | fixed in firefox 140.0-1 (sid) | 2025
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability affects Firefox < 140 and Thunderbird < 140.
Scope: local
sid: resolved (fixed in 140.0-1)
debian
CVE-2025-59375 | HIGH | CVSS 7.5 | fixed in expat 2.7.2-1 (forky) | 2025
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2.7.2-1)
sid: resolved (fixed in 2.7.2-1)
trixie: open
debian
CVE-2025-8030 | HIGH | CVSS 8.1 | fixed in firefox 141.0-1 (sid) | 2025
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Scope: local
sid: resolved (fixed in 141.0-1)
debian
CVE-2025-4085 | HIGH | CVSS 7.1 | fixed in firefox 138.0-1 (sid) | 2025
An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.
Scope: local
sid: resolved (fixed in 138.0-1)
debian
CVE-2025-11153 | HIGH | CVSS 7.5 | fixed in firefox 143.0.3-1 (sid) | 2025
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 143.0.3.
Scope: local
sid: resolved (fixed in 143.0.3-1)
debian
CVE-2025-8036 | HIGH | CVSS 8.1 | fixed in firefox 141.0-1 (sid) | 2025
Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird < 140.1.
Scope: local
sid: resolved (fixed in 141.0-1)
debian
CVE-2025-5272 | HIGH | CVSS 7.3 | fixed in firefox 139.0-1 (sid) | 2025
Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139 and Thunderbird < 139.
Scope: local
sid: resolved (fixed in 139.0-1)
debian
CVE-2025-14322 | HIGH | CVSS 8.0 | fixed in firefox 146.0-1 (sid) | 2025
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Scope: local
sid: resolved (fixed in 146.0-1)
debian
CVE-2025-4919 | HIGH | CVSS 8.8 | fixed in firefox 138.0.4-1 (sid) | 2025
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
Scope: local
sid: resolved (fixed in 138.0.4-1)
debian
CVE-2025-5268 | HIGH | CVSS 8.1 | fixed in firefox 139.0-1 (sid) | 2025
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
debian
CVE-2025-3029 | HIGH | CVSS 7.3 | fixed in firefox 137.0-1 (sid) | 2025
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.
Scope: local
sid: resolved (fixed in 137.0-1)
debian
CVE-2025-8035 | HIGH | CVSS 8.8 | fixed in firefox 141.0-1 (sid) | 2025
Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13,
debian
CVE-2025-13017 | HIGH | CVSS 8.1 | fixed in firefox 145.0-1 (sid) | 2025
Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
Scope: local
sid: resolved (fixed in 145.0-1)
debian
CVE-2025-10528 | HIGH | CVSS 7.3 | fixed in firefox 143.0-1 (sid) | 2025
Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
Scope: local
sid: resolved (fixed in 143.0-1)
debian
CVE-2025-13019 | HIGH | CVSS 8.1 | fixed in firefox 145.0-1 (sid) | 2025
Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
Scope: local
sid: resolved (fixed in 145.0-1)
debian