Severity
High
Analysis Summary
CVE-2025-3034 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2025-3030 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2025-3028 CVSS:8.8
Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free triggered by XSLTProcessor. By persuading a victim to visit a specially crafted Website, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
Impact
- Code Execution
Indicators of Compromise
CVE
CVE-2025-3034
CVE-2025-3030
CVE-2025-3028
Affected Vendors
Affected Products
- Mozilla Firefox - 136.0.3
- Mozilla Firefox ESR - 128.8.0
- Mozilla Thunderbird - 136.0
- Mozilla Thunderbird ESR - 128.8
- Firefox - 115.21
- Mozilla Firefox ESR - unspecified
Remediation
Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.