Soluções para:
Produtos domésticos
Pequenas empresas
Empresas médias
Grandes empresas
Vulnerabilidades Ameaças
Início Vulnerabilidades

Multiple vulnerabilities in Mozilla Firefox

Kaspersky ID:
KLA89245
Data de detecção:
10/14/2025
Atualizado:
10/15/2025

Descrição

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, perform cross-site scripting attack, spoof user interface.

Below is a complete list of vulnerabilities:

  1. Use-after-free vulnerability in MediaTrackGraph can be exploited remotely to execute arbitrary code and cause denial of service
  2. Out of bounds read/write vulnerability in WebGL can be exploited remotely to execute arbitrary code and cause denial of service
  3. Security bypass vulnerability in privileged browser process can be exploited to bypass security restrictions and obtain sensitive information
  4. Security bypass vulnerability in JavaScript can be exploited to modify non-writable properties and bypass security restrictions
  5. Cross site scripting vulnerability due to improper MIME-type enforcement in OBJECT tag can be exploited remotely to execute arbitrary code
  6. Insufficient escaping in the “Copy as cURL” feature vulnerability can be exploited remotely to execute arbitrary code
  7. Memory corruption vulnerability can be exploited remotely to execute arbitrary code and cause denial of service
  8. Sandbox links vulnerability in Iframe can be exploited remotely to bypass security restrictions
  9. Card carousel vulnerability can be exploited to obtain sensitive information
  10. Address bar vulnerability can be exploited to create fake address bar and spoof user interface
  11. Use-after-free vulnerability in native messaging API can be exploited remotely to execute arbitrary code and cause denial of service
  12. Custom tab feature vulnerability can be exploited to spoof user interface

Comunicados originais

Produtos relacionados

Lista de CVE

  • CVE-2025-11708
    critical
  • CVE-2025-11709
    critical
  • CVE-2025-11710
    critical
  • CVE-2025-11711
    high
  • CVE-2025-11712
    high
  • CVE-2025-11713
    critical
  • CVE-2025-11714
    critical
  • CVE-2025-11715
    critical
  • CVE-2025-11716
    high
  • CVE-2025-11717
    critical
  • CVE-2025-11718
    high
  • CVE-2025-11719
    critical
  • CVE-2025-11720
    critical
  • CVE-2025-11721
    critical

Saiba mais

Descubra as estatísticas das vulnerabilidades que se espalham em sua região statistics.securelist.com

Encontrou uma imprecisão na descrição desta vulnerabilidade? Avise-nos!
Kaspersky Next:
cibersegurança redefinida
Saber mais
Novo Kaspersky!
Sua vida dgital merece proteção completa!
Saber mais
Related articles
06 March 2026
Securelist
Exploits and vulnerabilities in Q4 2025
04 March 2026
Securelist
Mobile malware evolution in 2025
19 February 2026
Securelist
Arkanix Stealer: a C++ & Python infostealer
17 February 2026
Securelist
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
11 February 2026
Securelist
The game is over: when “free” comes at too high a price. What we know about RenEngine
11 February 2026
Securelist
Spam and phishing in 2025
Encontrou uma imprecisão na descrição desta vulnerabilidade?
Se você encontrou uma nova Ameaça ou Vulnerabilidade, por favor, nos avise por e-mail:
newvirus@kaspersky.com
Encontrou uma nova Ameaça ou Vulnerabilidade?
Se você encontrou uma nova Ameaça ou Vulnerabilidade, por favor, nos avise por e-mail:
newvirus@kaspersky.com
Soluções para
Produtos domésticos
Pequenas empresas
Empresas médias
Grandes empresas
Select language
Severity level
Critical
High
Warning
Sorting
Kaspersky ID
Vulnerabilidade
Detect date
Nível de gravidade
You must select at least one severity level
Do you want to save your changes?
Your message has been sent successfully.