June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
DarkCrystal RAT aka DCRat – Active IOCs
March 10, 2025Multiple QNAP Products Vulnerabilities
March 10, 2025DarkCrystal RAT aka DCRat – Active IOCs
March 10, 2025Multiple QNAP Products Vulnerabilities
March 10, 2025
Severity
High
Analysis Summary
CVE-2025-1941 CVSS:9.1
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136.
CVE-2025-1934 CVSS:6.5
It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
CVE-2025-1940 CVSS:7.1
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in to launching an external app unexpectedly.
CVE-2025-1933 CVSS:8.1
On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
CVE-2025-1932 CVSS:9.8
An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
CVE-2025-1939 CVSS:3.9
Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox < 136.
CVE-2025-1930 CVSS:8.8
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Impact
- Gain Access
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-1941
CVE-2025-1934
CVE-2025-1940
CVE-2025-1933
CVE-2025-1932
CVE-2025-1939
CVE-2025-1930
Affected Vendors
Mozilla
Affected Products
- Mozilla Firefox 135
- Mozilla Thunderbird 135
- Mozilla Firefox ESR 128.7
- Mozilla Thunderbird 128.7
- Mozilla Firefox ESR 115.20
Remediation
Refer to Mozilla Firefox Security Advisory for patch, upgrade, or suggested workaround information.
