CVE-2025-5266
- EPSS 0.28%
- Veröffentlicht 27.05.2025 12:29:25
- Zuletzt bearbeitet 13.04.2026 15:17:04
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
CVE-2025-5267
- EPSS 0.23%
- Veröffentlicht 27.05.2025 12:29:25
- Zuletzt bearbeitet 13.04.2026 15:17:04
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
CVE-2025-5265
- EPSS 0.14%
- Veröffentlicht 27.05.2025 12:29:24
- Zuletzt bearbeitet 13.04.2026 15:17:04
Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. *This bug only affects Firefox for Window...
CVE-2025-5264
- EPSS 0.24%
- Veröffentlicht 27.05.2025 12:29:23
- Zuletzt bearbeitet 13.04.2026 15:17:03
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability was fixed in Firefox 139...
CVE-2025-5263
- EPSS 0.21%
- Veröffentlicht 27.05.2025 12:29:22
- Zuletzt bearbeitet 13.04.2026 15:17:03
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 1...
CVE-2025-5262
- EPSS 0.38%
- Veröffentlicht 27.05.2025 12:29:21
- Zuletzt bearbeitet 19.09.2025 17:18:14
A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird <...
CVE-2025-5020
- EPSS 0.2%
- Veröffentlicht 21.05.2025 17:18:08
- Zuletzt bearbeitet 13.04.2026 15:17:03
Opening maliciously-crafted URLs in Firefox from other apps such as Safari could have allowed attackers to spoof website addresses if the URLs utilized non-HTTP schemes used internally by the Firefox iOS client. This vulnerability was fixed in Firefo...
CVE-2025-4919
- EPSS 6.23%
- Veröffentlicht 17.05.2025 21:07:27
- Zuletzt bearbeitet 13.04.2026 15:17:01
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 1...
CVE-2025-4918
- EPSS 8.92%
- Veröffentlicht 17.05.2025 21:07:26
- Zuletzt bearbeitet 13.04.2026 15:17:01
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.
- EPSS 0.02%
- Veröffentlicht 17.05.2025 21:07:25
- Zuletzt bearbeitet 18.05.2025 20:15:19
Rejected reason: Duplicate of CVE-2025-4919