6.5
CVE-2025-10532 - Incorrect boundary conditions in the JavaScript: GC component
Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
7.3
CVE-2025-10528 - Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component
Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
6.5
CVE-2025-10529 - Same-origin policy bypass in the Layout component
Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
7.1
CVE-2025-10527 - Sandbox escape due to use-after-free in the Graphics: Canvas2D component
Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
8.8
CVE-2025-10533 - Integer overflow in the SVG component
Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
8.4
CVE-2025-55118 - BMC Control-M/Agent memory corruption in SSL/TLS communication
Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Ageโฆ
6.3
CVE-2025-55117 - BMC Control-M/Agent buffer overflow in SSL/TLS communication
A stack-based buffer overflow can be remotely triggered when formatting an error message in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n";โฆ
9.3
CVE-2025-55116 - BMC Control-M/Agent buffer overflow local privilege escalation
A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions.
9.3
CVE-2025-55115 - BMC Control-M/Agent path traversal local privilege escalation
A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This vulnerability impacts the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions. This vulnerability was โฆ
6.9
CVE-2025-55114 - BMC Control-M/Agent improper IP address filtering order
The improper order of AUTHORIZED_CTM_IP validation in the Control-M/Agent, where the Control-M/Server IP address is validated only after the SSL/TLS handshake is completed, exposes the Control-M/Agent to vulnerabilities in the SSL/TLS implementation under certain non-default conditions (e.g. CVE-20โฆ