7.5
CVE-2024-40749 - [20250103] - Core - Read ACL violation in multiple core views
Improper Access Controls allows access to protected views.
6.1
CVE-2024-40747 - [20250101] - Core - XSS vectors in module chromes
Various module chromes didn't properly process inputs, leading to XSS vectors.
7.5
CVE-2024-40748 - [20250102] - Core - XSS vector in the id attribute of menu lists
Lack of output escaping in the id attribute of menu lists.
7.5
CVE-2024-8361 - DoS caused due to wrong hash length returned for SHA2/224 algorithm
In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device will restart after watch dog expires. If watchdog is not impβ¦
5.1
CVE-2025-0243 - Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefoxβ¦
9.8
CVE-2025-0247 - Memory safety bugs fixed in Firefox 134 and Thunderbird 134
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134 and Thunderbird 134.
6.5
CVE-2025-0242 - Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thβ¦
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.β¦
4
CVE-2025-0239 - Alt-Svc ALPN validation failure when redirected
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.
5.3
CVE-2025-0238 - Use-after-free when breaking lines in text
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6.
4
CVE-2025-0240 - Compartment mismatch when parsing JavaScript JSON module
Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.