Multiple vulnerabilities in Mozilla Firefox ESR

Описание

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. Security bypass vulnerability in JavaScript engine can be exploited to bypass security restrictions.
2. Denial of service vulnerability in large branch table can be exploited to cause denial of service.
3. Code execution vulnerability in javascript URLs when used in object and embed tags can be exploited to execute arbitrary code
4. Code execution vulnerability in «Copy as cURL» command can be exploited to execute arbitrary code.
5. Information disclosure vulnerability in URL stripping can be exploited to obtain sensitive information.
6. Security bypass vulnerability can be exploited via special crafted XSLT document to bypass security restrictions.
7. Denial of service vulnerability in JavaScript state machine can be exploited to denial of service.
8. Memory safety vulnerability can be exploited to execute arbitrary code.

Первичный источник обнаружения

• MFSA2025-58
  

Связанные продукты

• Mozilla-Firefox-ESR

Список CVE

• CVE-2025-8027
  high
• CVE-2025-8028
  critical
• CVE-2025-8029
  critical
• CVE-2025-8030
  critical
• CVE-2025-8031
  critical
• CVE-2025-8032
  critical
• CVE-2025-8033
  high
• CVE-2025-8034
  critical
• CVE-2025-8035
  critical

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com