

Lumma Stealer Malware aka LummaC – Active IOCs
April 30, 2025
Multiple Adobe ColdFusion Vulnerabilities
April 30, 2025
Severity
High
Analysis Summary
CVE-2025-4092 CVSS:8.8
Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
CVE-2025-4091 CVSS:8.8
Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
CVE-2025-2817 CVSS:8.8
Mozilla Firefox could allow a remote attacker to gain elevated privileges on the system, caused by an error in the update mechanism. By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation.
CVE-2025-4082 CVSS:8.8
Mozilla Firefox could allow a remote attacker to gain elevated privileges on the system, caused by an out-of-bounds read error. This leads to privilege escalation attacks.
CVE-2025-4090 CVSS:6.5
Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by sensitive library locations being logged via Logcat. This could lead to information disclosure.
CVE-2025-4089 CVSS:7.8
Mozilla Firefox could allow a local attacker to execute arbitrary code on the system, caused by insufficient escaping of the special characters in the "copy as cURL" feature. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2025-4088 CVSS:6.5
Mozilla Firefox is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious website, a remote attacker could send a malformed credentialed request using storage access API redirects to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2025-4087 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by missing null checks during attribute access. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to trigger an out-of-bounds read access and potentially memory corruption.
CVE-2025-4086 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions. A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog.
CVE-2025-4085 CVSS:6.3
Mozilla Firefox could allow a remote attacker to gain elevated privileges on the system, caused by the ability to leverage the privileged UITour actor to leak sensitive information. This leads to privilege escalation attacks.
CVE-2025-4084 CVSS:7.8
Mozilla Firefox could allow a local attacker to execute arbitrary code on the system, caused by insufficient escaping of the ampersand character in the "copy as cURL" feature. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVE-2025-4083 CVSS:6.5
Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by a process isolation vulnerability stemming from improper handling of javascript: URIs. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using "javascript:" URI links in cross-origin frames to bypass process isolation.
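One way a download UI can keep the real extension visible against the filename issue described for CVE-2025-4086, shown as an added example that is not Mozilla's code and not part of the original advisory. The function names, `MAX_LABEL` and `TAIL` are assumptions, and the sample filenames are constructed.

```javascript
// Added example, not Mozilla's code. MAX_LABEL and TAIL are assumed values.
const MAX_LABEL = 40; // characters that fit in the assumed one-line label
const TAIL = 12;      // trailing characters always shown (covers the extension)

// Control characters plus Unicode line and paragraph separators.
const BREAKS = /[\u0000-\u001f\u007f-\u009f\u2028\u2029]/g;

function decodeName(raw) {
  // Percent-decode once; keep the raw string if the escapes are malformed.
  try { return decodeURIComponent(raw); } catch (e) { return raw; }
}

function inspectDownloadName(raw) {
  const decoded = decodeName(raw);
  const breakCount = (decoded.match(BREAKS) || []).length;
  // Collapse breaks and whitespace runs so the name cannot span several lines.
  const flat = decoded.replace(BREAKS, " ").replace(/\s+/g, " ").trim();
  const dot = flat.lastIndexOf(".");
  const extension = dot > 0 ? flat.slice(dot + 1).toLowerCase() : "";
  // Truncate in the middle, never at the end, so the extension stays visible.
  const label = flat.length <= MAX_LABEL
    ? flat
    : flat.slice(0, MAX_LABEL - TAIL - 1) + "\u2026" + flat.slice(-TAIL);
  // Any embedded break in a filename is worth flagging to the user or a log.
  return { label, extension, breakCount, suspicious: breakCount > 0 };
}

// Constructed sample inputs.
const crafted = "invoice.pdf" + "%0A".repeat(200) + ".exe";
const benign = "quarterly%20report.pdf";
console.log(inspectDownloadName(crafted));
console.log(inspectDownloadName(benign));
```
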
Impact
- Cross-Site Scripting
- Code Execution
- Privilege Escalation
- Security Bypass
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2025-2817
- CVE-2025-4090
- CVE-2025-4091
- CVE-2025-4092
- CVE-2025-4089
- CVE-2025-4088
- CVE-2025-4087
- CVE-2025-4086
- CVE-2025-4085
- CVE-2025-4084
- CVE-2025-4083
- CVE-2025-4082
Affected Vendors
Affected Products
- Mozilla Firefox - 138
- Mozilla Thunderbird - 138
- Mozilla Firefox ESR - 128.10
- Mozilla Thunderbird ESR - 128.10
Remediation
Refer to Mozilla Security Advisory for patch, upgrade, or suggested workaround information.