Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie

Type deb

Namespace debian

Name firefox-esr

Version 128.7.0esr-1~deb12u1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 128.7.0esr-1

Latest_non_vulnerable_version 140.11.0esr-1~deb13u1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1e6u-mg34-z7dt

vulnerability_id VCID-1e6u-mg34-z7dt

summary An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1010.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1010.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1010

reference_id

reference_type

scores

value	0.00344
scoring_system	epss
scoring_elements	0.57282
published_at	2026-06-06T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57274
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1010

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2343750
reference_id	2343750
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2343750

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_id

mfsa2025-07

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_id

mfsa2025-07

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T18:47:57Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-08

reference_id

mfsa2025-08

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-08

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-08/

reference_id

mfsa2025-08

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T18:47:57Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-08/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_id

mfsa2025-09

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_id

mfsa2025-09

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T18:47:57Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_id

mfsa2025-10

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_id

mfsa2025-10

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T18:47:57Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_id

mfsa2025-11

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_id

mfsa2025-11

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T18:47:57Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_url	https://access.redhat.com/errata/RHSA-2025:1066
reference_id	RHSA-2025:1066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1066

reference_url	https://access.redhat.com/errata/RHSA-2025:1132
reference_id	RHSA-2025:1132
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1132

reference_url	https://access.redhat.com/errata/RHSA-2025:1133
reference_id	RHSA-2025:1133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1133

reference_url	https://access.redhat.com/errata/RHSA-2025:1135
reference_id	RHSA-2025:1135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1135

reference_url	https://access.redhat.com/errata/RHSA-2025:1136
reference_id	RHSA-2025:1136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1136

reference_url	https://access.redhat.com/errata/RHSA-2025:1137
reference_id	RHSA-2025:1137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1137

reference_url	https://access.redhat.com/errata/RHSA-2025:1138
reference_id	RHSA-2025:1138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1138

reference_url	https://access.redhat.com/errata/RHSA-2025:1139
reference_id	RHSA-2025:1139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1139

reference_url	https://access.redhat.com/errata/RHSA-2025:1140
reference_id	RHSA-2025:1140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1140

reference_url	https://access.redhat.com/errata/RHSA-2025:1184
reference_id	RHSA-2025:1184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1184

reference_url	https://access.redhat.com/errata/RHSA-2025:1283
reference_id	RHSA-2025:1283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1283

reference_url	https://access.redhat.com/errata/RHSA-2025:1292
reference_id	RHSA-2025:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1292

reference_url	https://access.redhat.com/errata/RHSA-2025:1317
reference_id	RHSA-2025:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1317

reference_url	https://access.redhat.com/errata/RHSA-2025:1318
reference_id	RHSA-2025:1318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1318

reference_url	https://access.redhat.com/errata/RHSA-2025:1319
reference_id	RHSA-2025:1319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1319

reference_url	https://access.redhat.com/errata/RHSA-2025:1339
reference_id	RHSA-2025:1339
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1339

reference_url	https://access.redhat.com/errata/RHSA-2025:1340
reference_id	RHSA-2025:1340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1340

reference_url	https://access.redhat.com/errata/RHSA-2025:1341
reference_id	RHSA-2025:1341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1341

reference_url	https://access.redhat.com/errata/RHSA-2025:1348
reference_id	RHSA-2025:1348
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1348

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1936982

reference_id

show_bug.cgi?id=1936982

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T18:47:57Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1936982

reference_url	https://usn.ubuntu.com/7263-1/
reference_id	USN-7263-1
reference_type
scores
url	https://usn.ubuntu.com/7263-1/

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2025-1010

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1e6u-mg34-z7dt

url VCID-658f-y5df-57c4

vulnerability_id VCID-658f-y5df-57c4

summary Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1014.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1014.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1014

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43848
published_at	2026-06-06T12:55:00Z

value	0.00212
scoring_system	epss
scoring_elements	0.43839
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1014

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1014

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2343764
reference_id	2343764
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2343764

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_id

mfsa2025-07

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_id

mfsa2025-07

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T20:58:58Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_id

mfsa2025-09

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_id

mfsa2025-09

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T20:58:58Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_id

mfsa2025-10

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_id

mfsa2025-10

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T20:58:58Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_id

mfsa2025-11

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_id

mfsa2025-11

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T20:58:58Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_url	https://access.redhat.com/errata/RHSA-2025:1066
reference_id	RHSA-2025:1066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1066

reference_url	https://access.redhat.com/errata/RHSA-2025:1132
reference_id	RHSA-2025:1132
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1132

reference_url	https://access.redhat.com/errata/RHSA-2025:1133
reference_id	RHSA-2025:1133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1133

reference_url	https://access.redhat.com/errata/RHSA-2025:1135
reference_id	RHSA-2025:1135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1135

reference_url	https://access.redhat.com/errata/RHSA-2025:1136
reference_id	RHSA-2025:1136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1136

reference_url	https://access.redhat.com/errata/RHSA-2025:1137
reference_id	RHSA-2025:1137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1137

reference_url	https://access.redhat.com/errata/RHSA-2025:1138
reference_id	RHSA-2025:1138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1138

reference_url	https://access.redhat.com/errata/RHSA-2025:1139
reference_id	RHSA-2025:1139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1139

reference_url	https://access.redhat.com/errata/RHSA-2025:1140
reference_id	RHSA-2025:1140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1140

reference_url	https://access.redhat.com/errata/RHSA-2025:1184
reference_id	RHSA-2025:1184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1184

reference_url	https://access.redhat.com/errata/RHSA-2025:1283
reference_id	RHSA-2025:1283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1283

reference_url	https://access.redhat.com/errata/RHSA-2025:1292
reference_id	RHSA-2025:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1292

reference_url	https://access.redhat.com/errata/RHSA-2025:1317
reference_id	RHSA-2025:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1317

reference_url	https://access.redhat.com/errata/RHSA-2025:1318
reference_id	RHSA-2025:1318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1318

reference_url	https://access.redhat.com/errata/RHSA-2025:1319
reference_id	RHSA-2025:1319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1319

reference_url	https://access.redhat.com/errata/RHSA-2025:1339
reference_id	RHSA-2025:1339
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1339

reference_url	https://access.redhat.com/errata/RHSA-2025:1340
reference_id	RHSA-2025:1340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1340

reference_url	https://access.redhat.com/errata/RHSA-2025:1341
reference_id	RHSA-2025:1341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1341

reference_url	https://access.redhat.com/errata/RHSA-2025:1348
reference_id	RHSA-2025:1348
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1348

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1940804

reference_id

show_bug.cgi?id=1940804

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T20:58:58Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1940804

reference_url	https://usn.ubuntu.com/7263-1/
reference_id	USN-7263-1
reference_type
scores
url	https://usn.ubuntu.com/7263-1/

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2025-1014

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-658f-y5df-57c4

url VCID-7321-q5ca-e3g7

vulnerability_id VCID-7321-q5ca-e3g7

summary A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1013.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1013.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1013

reference_id

reference_type

scores

value	0.0025
scoring_system	epss
scoring_elements	0.48456
published_at	2026-06-06T12:55:00Z

value	0.0025
scoring_system	epss
scoring_elements	0.4845
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1013

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1013
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1013

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2343754
reference_id	2343754
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2343754

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_id

mfsa2025-07

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_id

mfsa2025-07

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:11:49Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_id

mfsa2025-09

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_id

mfsa2025-09

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:11:49Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_id

mfsa2025-10

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_id

mfsa2025-10

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:11:49Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_id

mfsa2025-11

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_id

mfsa2025-11

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:11:49Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_url	https://access.redhat.com/errata/RHSA-2025:1066
reference_id	RHSA-2025:1066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1066

reference_url	https://access.redhat.com/errata/RHSA-2025:1132
reference_id	RHSA-2025:1132
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1132

reference_url	https://access.redhat.com/errata/RHSA-2025:1133
reference_id	RHSA-2025:1133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1133

reference_url	https://access.redhat.com/errata/RHSA-2025:1135
reference_id	RHSA-2025:1135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1135

reference_url	https://access.redhat.com/errata/RHSA-2025:1136
reference_id	RHSA-2025:1136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1136

reference_url	https://access.redhat.com/errata/RHSA-2025:1137
reference_id	RHSA-2025:1137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1137

reference_url	https://access.redhat.com/errata/RHSA-2025:1138
reference_id	RHSA-2025:1138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1138

reference_url	https://access.redhat.com/errata/RHSA-2025:1139
reference_id	RHSA-2025:1139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1139

reference_url	https://access.redhat.com/errata/RHSA-2025:1140
reference_id	RHSA-2025:1140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1140

reference_url	https://access.redhat.com/errata/RHSA-2025:1184
reference_id	RHSA-2025:1184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1184

reference_url	https://access.redhat.com/errata/RHSA-2025:1283
reference_id	RHSA-2025:1283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1283

reference_url	https://access.redhat.com/errata/RHSA-2025:1292
reference_id	RHSA-2025:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1292

reference_url	https://access.redhat.com/errata/RHSA-2025:1317
reference_id	RHSA-2025:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1317

reference_url	https://access.redhat.com/errata/RHSA-2025:1318
reference_id	RHSA-2025:1318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1318

reference_url	https://access.redhat.com/errata/RHSA-2025:1319
reference_id	RHSA-2025:1319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1319

reference_url	https://access.redhat.com/errata/RHSA-2025:1339
reference_id	RHSA-2025:1339
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1339

reference_url	https://access.redhat.com/errata/RHSA-2025:1340
reference_id	RHSA-2025:1340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1340

reference_url	https://access.redhat.com/errata/RHSA-2025:1341
reference_id	RHSA-2025:1341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1341

reference_url	https://access.redhat.com/errata/RHSA-2025:1348
reference_id	RHSA-2025:1348
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1348

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1932555

reference_id

show_bug.cgi?id=1932555

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-04T21:11:49Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1932555

reference_url	https://usn.ubuntu.com/7263-1/
reference_id	USN-7263-1
reference_type
scores
url	https://usn.ubuntu.com/7263-1/

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2025-1013

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7321-q5ca-e3g7

url VCID-ah8t-8he4-u3fx

vulnerability_id VCID-ah8t-8he4-u3fx

summary An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1009.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1009.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1009

reference_id

reference_type

scores

value	0.00799
scoring_system	epss
scoring_elements	0.74428
published_at	2026-06-06T12:55:00Z

value	0.00799
scoring_system	epss
scoring_elements	0.74423
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1009

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2343760
reference_id	2343760
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2343760

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_id

mfsa2025-07

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_id

mfsa2025-07

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-14T03:55:36Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-08

reference_id

mfsa2025-08

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-08

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-08/

reference_id

mfsa2025-08

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-14T03:55:36Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-08/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_id

mfsa2025-09

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_id

mfsa2025-09

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-14T03:55:36Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_id

mfsa2025-10

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_id

mfsa2025-10

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-14T03:55:36Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_id

mfsa2025-11

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_id

mfsa2025-11

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-14T03:55:36Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_url	https://access.redhat.com/errata/RHSA-2025:1066
reference_id	RHSA-2025:1066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1066

reference_url	https://access.redhat.com/errata/RHSA-2025:1132
reference_id	RHSA-2025:1132
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1132

reference_url	https://access.redhat.com/errata/RHSA-2025:1133
reference_id	RHSA-2025:1133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1133

reference_url	https://access.redhat.com/errata/RHSA-2025:1135
reference_id	RHSA-2025:1135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1135

reference_url	https://access.redhat.com/errata/RHSA-2025:1136
reference_id	RHSA-2025:1136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1136

reference_url	https://access.redhat.com/errata/RHSA-2025:1137
reference_id	RHSA-2025:1137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1137

reference_url	https://access.redhat.com/errata/RHSA-2025:1138
reference_id	RHSA-2025:1138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1138

reference_url	https://access.redhat.com/errata/RHSA-2025:1139
reference_id	RHSA-2025:1139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1139

reference_url	https://access.redhat.com/errata/RHSA-2025:1140
reference_id	RHSA-2025:1140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1140

reference_url	https://access.redhat.com/errata/RHSA-2025:1184
reference_id	RHSA-2025:1184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1184

reference_url	https://access.redhat.com/errata/RHSA-2025:1283
reference_id	RHSA-2025:1283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1283

reference_url	https://access.redhat.com/errata/RHSA-2025:1292
reference_id	RHSA-2025:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1292

reference_url	https://access.redhat.com/errata/RHSA-2025:1317
reference_id	RHSA-2025:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1317

reference_url	https://access.redhat.com/errata/RHSA-2025:1318
reference_id	RHSA-2025:1318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1318

reference_url	https://access.redhat.com/errata/RHSA-2025:1319
reference_id	RHSA-2025:1319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1319

reference_url	https://access.redhat.com/errata/RHSA-2025:1339
reference_id	RHSA-2025:1339
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1339

reference_url	https://access.redhat.com/errata/RHSA-2025:1340
reference_id	RHSA-2025:1340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1340

reference_url	https://access.redhat.com/errata/RHSA-2025:1341
reference_id	RHSA-2025:1341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1341

reference_url	https://access.redhat.com/errata/RHSA-2025:1348
reference_id	RHSA-2025:1348
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1348

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1936613

reference_id

show_bug.cgi?id=1936613

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-14T03:55:36Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1936613

reference_url	https://usn.ubuntu.com/7263-1/
reference_id	USN-7263-1
reference_type
scores
url	https://usn.ubuntu.com/7263-1/

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2025-1009

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ah8t-8he4-u3fx

url VCID-cfa9-bcv2-xke8

vulnerability_id VCID-cfa9-bcv2-xke8

summary A race during concurrent delazification could have led to a use-after-free.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1012.json

reference_id

reference_type

scores

value	7.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1012.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1012

reference_id

reference_type

scores

value	0.00427
scoring_system	epss
scoring_elements	0.62777
published_at	2026-06-06T12:55:00Z

value	0.00427
scoring_system	epss
scoring_elements	0.62767
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1012
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1012

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2343765
reference_id	2343765
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2343765

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_id

mfsa2025-07

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_id

mfsa2025-07

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T16:01:27Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-08

reference_id

mfsa2025-08

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-08

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-08/

reference_id

mfsa2025-08

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T16:01:27Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-08/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_id

mfsa2025-09

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_id

mfsa2025-09

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T16:01:27Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_id

mfsa2025-10

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_id

mfsa2025-10

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T16:01:27Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_id

mfsa2025-11

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_id

mfsa2025-11

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T16:01:27Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_url	https://access.redhat.com/errata/RHSA-2025:1066
reference_id	RHSA-2025:1066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1066

reference_url	https://access.redhat.com/errata/RHSA-2025:1132
reference_id	RHSA-2025:1132
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1132

reference_url	https://access.redhat.com/errata/RHSA-2025:1133
reference_id	RHSA-2025:1133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1133

reference_url	https://access.redhat.com/errata/RHSA-2025:1135
reference_id	RHSA-2025:1135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1135

reference_url	https://access.redhat.com/errata/RHSA-2025:1136
reference_id	RHSA-2025:1136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1136

reference_url	https://access.redhat.com/errata/RHSA-2025:1137
reference_id	RHSA-2025:1137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1137

reference_url	https://access.redhat.com/errata/RHSA-2025:1138
reference_id	RHSA-2025:1138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1138

reference_url	https://access.redhat.com/errata/RHSA-2025:1139
reference_id	RHSA-2025:1139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1139

reference_url	https://access.redhat.com/errata/RHSA-2025:1140
reference_id	RHSA-2025:1140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1140

reference_url	https://access.redhat.com/errata/RHSA-2025:1184
reference_id	RHSA-2025:1184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1184

reference_url	https://access.redhat.com/errata/RHSA-2025:1283
reference_id	RHSA-2025:1283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1283

reference_url	https://access.redhat.com/errata/RHSA-2025:1292
reference_id	RHSA-2025:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1292

reference_url	https://access.redhat.com/errata/RHSA-2025:1317
reference_id	RHSA-2025:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1317

reference_url	https://access.redhat.com/errata/RHSA-2025:1318
reference_id	RHSA-2025:1318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1318

reference_url	https://access.redhat.com/errata/RHSA-2025:1319
reference_id	RHSA-2025:1319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1319

reference_url	https://access.redhat.com/errata/RHSA-2025:1339
reference_id	RHSA-2025:1339
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1339

reference_url	https://access.redhat.com/errata/RHSA-2025:1340
reference_id	RHSA-2025:1340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1340

reference_url	https://access.redhat.com/errata/RHSA-2025:1341
reference_id	RHSA-2025:1341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1341

reference_url	https://access.redhat.com/errata/RHSA-2025:1348
reference_id	RHSA-2025:1348
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1348

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1939710

reference_id

show_bug.cgi?id=1939710

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T16:01:27Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1939710

reference_url	https://usn.ubuntu.com/7263-1/
reference_id	USN-7263-1
reference_type
scores
url	https://usn.ubuntu.com/7263-1/

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2025-1012

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cfa9-bcv2-xke8

url VCID-pah8-n6cz-c7b9

vulnerability_id VCID-pah8-n6cz-c7b9

summary Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1016.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1016.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1016

reference_id

reference_type

scores

value	0.00313
scoring_system	epss
scoring_elements	0.54811
published_at	2026-06-06T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.548
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1016

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1016
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1016

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2343752
reference_id	2343752
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2343752

reference_url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994

reference_id

buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:03:18Z/

url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_id

mfsa2025-07

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_id

mfsa2025-07

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:03:18Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-08

reference_id

mfsa2025-08

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-08

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-08/

reference_id

mfsa2025-08

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:03:18Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-08/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_id

mfsa2025-09

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_id

mfsa2025-09

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:03:18Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_id

mfsa2025-10

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_id

mfsa2025-10

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:03:18Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_id

mfsa2025-11

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_id

mfsa2025-11

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:03:18Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_url	https://access.redhat.com/errata/RHSA-2025:1066
reference_id	RHSA-2025:1066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1066

reference_url	https://access.redhat.com/errata/RHSA-2025:1132
reference_id	RHSA-2025:1132
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1132

reference_url	https://access.redhat.com/errata/RHSA-2025:1133
reference_id	RHSA-2025:1133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1133

reference_url	https://access.redhat.com/errata/RHSA-2025:1135
reference_id	RHSA-2025:1135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1135

reference_url	https://access.redhat.com/errata/RHSA-2025:1136
reference_id	RHSA-2025:1136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1136

reference_url	https://access.redhat.com/errata/RHSA-2025:1137
reference_id	RHSA-2025:1137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1137

reference_url	https://access.redhat.com/errata/RHSA-2025:1138
reference_id	RHSA-2025:1138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1138

reference_url	https://access.redhat.com/errata/RHSA-2025:1139
reference_id	RHSA-2025:1139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1139

reference_url	https://access.redhat.com/errata/RHSA-2025:1140
reference_id	RHSA-2025:1140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1140

reference_url	https://access.redhat.com/errata/RHSA-2025:1184
reference_id	RHSA-2025:1184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1184

reference_url	https://access.redhat.com/errata/RHSA-2025:1283
reference_id	RHSA-2025:1283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1283

reference_url	https://access.redhat.com/errata/RHSA-2025:1292
reference_id	RHSA-2025:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1292

reference_url	https://access.redhat.com/errata/RHSA-2025:1317
reference_id	RHSA-2025:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1317

reference_url	https://access.redhat.com/errata/RHSA-2025:1318
reference_id	RHSA-2025:1318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1318

reference_url	https://access.redhat.com/errata/RHSA-2025:1319
reference_id	RHSA-2025:1319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1319

reference_url	https://access.redhat.com/errata/RHSA-2025:1339
reference_id	RHSA-2025:1339
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1339

reference_url	https://access.redhat.com/errata/RHSA-2025:1340
reference_id	RHSA-2025:1340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1340

reference_url	https://access.redhat.com/errata/RHSA-2025:1341
reference_id	RHSA-2025:1341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1341

reference_url	https://access.redhat.com/errata/RHSA-2025:1348
reference_id	RHSA-2025:1348
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1348

reference_url	https://usn.ubuntu.com/7263-1/
reference_id	USN-7263-1
reference_type
scores
url	https://usn.ubuntu.com/7263-1/

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2025-1016

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pah8-n6cz-c7b9

url VCID-qxnq-dd84-xuf7

vulnerability_id VCID-qxnq-dd84-xuf7

summary Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1017.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1017.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1017

reference_id

reference_type

scores

value	0.00308
scoring_system	epss
scoring_elements	0.54351
published_at	2026-06-06T12:55:00Z

value	0.00308
scoring_system	epss
scoring_elements	0.54343
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1017

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1017
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1017

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2343748
reference_id	2343748
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2343748

reference_url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471

reference_id

buglist.cgi?bug_id=1926256%2C1935984%2C1935471

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:05:18Z/

url

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_id

mfsa2025-07

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_id

mfsa2025-07

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:05:18Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_id

mfsa2025-09

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_id

mfsa2025-09

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:05:18Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_id

mfsa2025-10

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_id

mfsa2025-10

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:05:18Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_id

mfsa2025-11

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_id

mfsa2025-11

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T21:05:18Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_url	https://access.redhat.com/errata/RHSA-2025:1066
reference_id	RHSA-2025:1066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1066

reference_url	https://access.redhat.com/errata/RHSA-2025:1132
reference_id	RHSA-2025:1132
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1132

reference_url	https://access.redhat.com/errata/RHSA-2025:1133
reference_id	RHSA-2025:1133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1133

reference_url	https://access.redhat.com/errata/RHSA-2025:1135
reference_id	RHSA-2025:1135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1135

reference_url	https://access.redhat.com/errata/RHSA-2025:1136
reference_id	RHSA-2025:1136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1136

reference_url	https://access.redhat.com/errata/RHSA-2025:1137
reference_id	RHSA-2025:1137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1137

reference_url	https://access.redhat.com/errata/RHSA-2025:1138
reference_id	RHSA-2025:1138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1138

reference_url	https://access.redhat.com/errata/RHSA-2025:1139
reference_id	RHSA-2025:1139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1139

reference_url	https://access.redhat.com/errata/RHSA-2025:1140
reference_id	RHSA-2025:1140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1140

reference_url	https://access.redhat.com/errata/RHSA-2025:1184
reference_id	RHSA-2025:1184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1184

reference_url	https://access.redhat.com/errata/RHSA-2025:1283
reference_id	RHSA-2025:1283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1283

reference_url	https://access.redhat.com/errata/RHSA-2025:1292
reference_id	RHSA-2025:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1292

reference_url	https://access.redhat.com/errata/RHSA-2025:1317
reference_id	RHSA-2025:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1317

reference_url	https://access.redhat.com/errata/RHSA-2025:1318
reference_id	RHSA-2025:1318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1318

reference_url	https://access.redhat.com/errata/RHSA-2025:1319
reference_id	RHSA-2025:1319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1319

reference_url	https://access.redhat.com/errata/RHSA-2025:1339
reference_id	RHSA-2025:1339
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1339

reference_url	https://access.redhat.com/errata/RHSA-2025:1340
reference_id	RHSA-2025:1340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1340

reference_url	https://access.redhat.com/errata/RHSA-2025:1341
reference_id	RHSA-2025:1341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1341

reference_url	https://access.redhat.com/errata/RHSA-2025:1348
reference_id	RHSA-2025:1348
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1348

reference_url	https://usn.ubuntu.com/7263-1/
reference_id	USN-7263-1
reference_type
scores
url	https://usn.ubuntu.com/7263-1/

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2025-1017

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxnq-dd84-xuf7

url VCID-u9tm-qdjs-abeb

vulnerability_id VCID-u9tm-qdjs-abeb

summary A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1011.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-1011.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-1011

reference_id

reference_type

scores

value	0.00291
scoring_system	epss
scoring_elements	0.52847
published_at	2026-06-06T12:55:00Z

value	0.00291
scoring_system	epss
scoring_elements	0.52841
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-1011

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1011
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1011

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2343756
reference_id	2343756
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2343756

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_id

mfsa2025-07

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_id

mfsa2025-07

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T19:01:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-07/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_id

mfsa2025-09

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_id

mfsa2025-09

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T19:01:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_id

mfsa2025-10

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_id

mfsa2025-10

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T19:01:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_id

mfsa2025-11

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_id

mfsa2025-11

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T19:01:33Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-11/

reference_url	https://access.redhat.com/errata/RHSA-2025:1066
reference_id	RHSA-2025:1066
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1066

reference_url	https://access.redhat.com/errata/RHSA-2025:1132
reference_id	RHSA-2025:1132
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1132

reference_url	https://access.redhat.com/errata/RHSA-2025:1133
reference_id	RHSA-2025:1133
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1133

reference_url	https://access.redhat.com/errata/RHSA-2025:1135
reference_id	RHSA-2025:1135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1135

reference_url	https://access.redhat.com/errata/RHSA-2025:1136
reference_id	RHSA-2025:1136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1136

reference_url	https://access.redhat.com/errata/RHSA-2025:1137
reference_id	RHSA-2025:1137
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1137

reference_url	https://access.redhat.com/errata/RHSA-2025:1138
reference_id	RHSA-2025:1138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1138

reference_url	https://access.redhat.com/errata/RHSA-2025:1139
reference_id	RHSA-2025:1139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1139

reference_url	https://access.redhat.com/errata/RHSA-2025:1140
reference_id	RHSA-2025:1140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1140

reference_url	https://access.redhat.com/errata/RHSA-2025:1184
reference_id	RHSA-2025:1184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1184

reference_url	https://access.redhat.com/errata/RHSA-2025:1283
reference_id	RHSA-2025:1283
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1283

reference_url	https://access.redhat.com/errata/RHSA-2025:1292
reference_id	RHSA-2025:1292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1292

reference_url	https://access.redhat.com/errata/RHSA-2025:1317
reference_id	RHSA-2025:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1317

reference_url	https://access.redhat.com/errata/RHSA-2025:1318
reference_id	RHSA-2025:1318
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1318

reference_url	https://access.redhat.com/errata/RHSA-2025:1319
reference_id	RHSA-2025:1319
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1319

reference_url	https://access.redhat.com/errata/RHSA-2025:1339
reference_id	RHSA-2025:1339
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1339

reference_url	https://access.redhat.com/errata/RHSA-2025:1340
reference_id	RHSA-2025:1340
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1340

reference_url	https://access.redhat.com/errata/RHSA-2025:1341
reference_id	RHSA-2025:1341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1341

reference_url	https://access.redhat.com/errata/RHSA-2025:1348
reference_id	RHSA-2025:1348
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1348

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1936454

reference_id

show_bug.cgi?id=1936454

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-05T19:01:33Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1936454

reference_url	https://usn.ubuntu.com/7263-1/
reference_id	USN-7263-1
reference_type
scores
url	https://usn.ubuntu.com/7263-1/

reference_url	https://usn.ubuntu.com/7663-1/
reference_id	USN-7663-1
reference_type
scores
url	https://usn.ubuntu.com/7663-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2025-1011

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9tm-qdjs-abeb

url VCID-un91-2e6u-nkdy

vulnerability_id VCID-un91-2e6u-nkdy

summary A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11704.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11704.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-11704

reference_id

reference_type

scores

value	0.00271
scoring_system	epss
scoring_elements	0.50823
published_at	2026-06-06T12:55:00Z

value	0.00271
scoring_system	epss
scoring_elements	0.50818
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-11704

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11704
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11704

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2328942
reference_id	2328942
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2328942

reference_url	https://security.gentoo.org/glsa/202501-10
reference_id	GLSA-202501-10
reference_type
scores
url	https://security.gentoo.org/glsa/202501-10

reference_url	https://security.gentoo.org/glsa/202505-03
reference_id	GLSA-202505-03
reference_type
scores
url	https://security.gentoo.org/glsa/202505-03

reference_url	https://security.gentoo.org/glsa/202509-02
reference_id	GLSA-202509-02
reference_type
scores
url	https://security.gentoo.org/glsa/202509-02

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2024-63

reference_id

mfsa2024-63

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2024-63

reference_url

https://www.mozilla.org/security/advisories/mfsa2024-63/

reference_id

mfsa2024-63

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:21:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2024-63/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2024-67

reference_id

mfsa2024-67

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2024-67

reference_url

https://www.mozilla.org/security/advisories/mfsa2024-67/

reference_id

mfsa2024-67

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:21:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2024-67/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_id

mfsa2025-09

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_id

mfsa2025-09

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:21:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-09/

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_id

mfsa2025-10

reference_type

scores

value	high
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10

reference_url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_id

mfsa2025-10

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:21:47Z/

url

https://www.mozilla.org/security/advisories/mfsa2025-10/

reference_url

https://bugzilla.mozilla.org/show_bug.cgi?id=1899402

reference_id

show_bug.cgi?id=1899402

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-27T15:21:47Z/

url

https://bugzilla.mozilla.org/show_bug.cgi?id=1899402

reference_url	https://usn.ubuntu.com/7134-1/
reference_id	USN-7134-1
reference_type
scores
url	https://usn.ubuntu.com/7134-1/

fixed_packages

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb11u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@128.7.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ghpk-c1e6-pkae

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

aliases CVE-2024-11704

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-un91-2e6u-nkdy

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@128.7.0esr-1~deb12u1%3Fdistro=trixie

Package Instance