Multiple Mozilla Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-5986 CVSS:8.1

Mozilla Thunderbird could allow a remote attacker to obtain sensitive information, caused by an error while using mailbox:/// links. By persuading a victim to download a specially crafted .pdf file, an attacker could exploit this vulnerability to download files, exhaust disk space or to leak hashed Windows credentials.

CVE-2025-49709 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption in canvas surfaces. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2025-49710 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in OrderedHashTable used by the JavaScript engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2025-5267 CVSS:6.7

Mozilla Firefox could allow a remote attacker to conduct a clickjacking attack. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to trick a user into leaking saved payment card details to a malicious page.

CVE-2025-5268 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2025-5269 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2025-5270 CVSS:6.5

Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by SNI being sent unencrypted even when encrypted DNS was enabled. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to obtain sensitive information.

CVE-2025-5271 CVSS:4.3

Mozilla Firefox is vulnerable to a content injection attack because previewing a response in Devtools ignored CSP headers.

Impact

  • Information Disclosure
  • Code Execution
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2025-5986
  • CVE-2025-49709
  • CVE-2025-49710
  • CVE-2025-5267
  • CVE-2025-5268
  • CVE-2025-5269
  • CVE-2025-5270
  • CVE-2025-5271

Affected Vendors

Mozilla

Affected Products

  • Mozilla Firefox ESR - 128.10
  • Mozilla Firefox - 138.0.3
  • Mozilla Thunderbird - 128.11.1
  • Mozilla Thunderbird - 139.0.2
  • Mozilla Firefox - 139.0.3
  • Mozilla Thunderbird - 138.0
  • Mozilla Thunderbird - 128.10

Remediation

Refer to Mozilla Security Advisory for patch, upgrade, or suggested workaround information.
