Debian Thunderbird vulnerabilities
931 known vulnerabilities affecting debian/thunderbird.
Total CVEs: 931
CISA KEV: 10 (actively exploited)
Public exploits: 18
Exploited in wild: 13
Severity breakdown: CRITICAL 166, HIGH 358, MEDIUM 317, LOW 90
Vulnerabilities
Page 6 of 47
CVE-2025-14330 [CRITICAL] CVSS 9.8, fixed in firefox 146.0-1 (sid), 2025
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Scope: local
sid: resolved (fixed in 146.0-1)
debian
CVE-2025-8028 [CRITICAL] CVSS 9.8, fixed in firefox 141.0-1 (sid), 2025
On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. This vulnerability affects Firefox < 141, Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Scop
debian
CVE-2025-1009 [CRITICAL] CVSS 9.8, fixed in firefox 135.0-1 (sid), 2025
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Scope: local
sid: resolved (fixed in 135.0-1)
debian
CVE-2025-6424 [CRITICAL] CVSS 9.8, fixed in firefox 140.0-1 (sid), 2025
A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
Scope: local
sid: resolved (fixed in 140.0-1)
debian
CVE-2025-14321 [CRITICAL] CVSS 9.8, fixed in firefox 146.0-1 (sid), 2025
Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Scope: local
sid: resolved (fixed in 146.0-1)
debian
CVE-2025-11709 [CRITICAL] CVSS 9.8, fixed in firefox 144.0-1 (sid), 2025
A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.
Scope: local
sid: resolved (fixed in 144.0-1)
debian
CVE-2025-1017 [CRITICAL] CVSS 9.8, fixed in firefox 135.0-1 (sid), 2025
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
debian
CVE-2025-8031 [CRITICAL] CVSS 9.8, fixed in firefox 141.0-1 (sid), 2025
The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Scope: local
sid: resolved (fixed in 141.0-1)
debian
CVE-2025-0241 [HIGH] CVSS 7.7, fixed in firefox 134.0-1 (sid), 2025
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.
Scope: local
sid: resolved (fixed in 134.0-1)
debian
CVE-2025-4093 [HIGH] CVSS 8.1, fixed in firefox-esr 128.10.0esr-1~deb12u1 (bookworm), 2025
Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird < 128.10.
Scope: local
bookworm: resolved (fixed in 128.10.0esr-1~deb12u1)
bullseye: resolve
debian
CVE-2025-10533 [HIGH] CVSS 8.8, fixed in firefox 143.0-1 (sid), 2025
Integer overflow in the SVG component. This vulnerability affects Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
Scope: local
sid: resolved (fixed in 143.0-1)
debian
CVE-2025-59375 [HIGH] CVSS 7.5, fixed in expat 2.7.2-1 (forky), 2025
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 2.7.2-1)
sid: resolved (fixed in 2.7.2-1)
trixie: open
debian
CVE-2025-8030 [HIGH] CVSS 8.1, fixed in firefox 141.0-1 (sid), 2025
Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
Scope: local
sid: resolved (fixed in 141.0-1)
debian
CVE-2025-14322 [HIGH] CVSS 8.0, fixed in firefox 146.0-1 (sid), 2025
Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 146, Firefox ESR < 115.31, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
Scope: local
sid: resolved (fixed in 146.0-1)
debian
CVE-2025-4919 [HIGH] CVSS 8.8, fixed in firefox 138.0.4-1 (sid), 2025
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
Scope: local
sid: resolved (fixed in 138.0.4-1)
debian
CVE-2025-5268 [HIGH] CVSS 8.1, fixed in firefox 139.0-1 (sid), 2025
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
debian
CVE-2025-3029 [HIGH] CVSS 7.3, fixed in firefox 137.0-1 (sid), 2025
A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.
Scope: local
sid: resolved (fixed in 137.0-1)
debian
CVE-2025-26696 [HIGH] CVSS 7.0, fixed in thunderbird 1:128.8.0esr-1~deb12u1 (bookworm), 2025
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird < 136 and Thunderbird < 128.8.
Scope: local
bookworm: resolved (fixed in 1:128.8.0esr-1~deb12u1)
bullseye: resolved (fixed in 1:128.8.0esr-1~deb1
debian
CVE-2025-8035 [HIGH] CVSS 8.8, fixed in firefox 141.0-1 (sid), 2025
Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 141, Firefox ESR < 128.13,
debian
CVE-2025-13017 [HIGH] CVSS 8.1, fixed in firefox 145.0-1 (sid), 2025
Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, Thunderbird < 145, and Thunderbird < 140.5.
Scope: local
sid: resolved (fixed in 145.0-1)
debian