cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1015,https://securityvulnerability.io/vulnerability/CVE-2025-1015,Unprotected URI Links in Thunderbird Address Book by Mozilla,"The Thunderbird Address Book contains unsanitized URI fields that could be exploited by attackers. By creating an address book with malicious links, an attacker may trick another user into importing the compromised address book. If the user clicks on the unsanitized link within Thunderbird, it could lead to arbitrary execution of unprivileged JavaScript on a webpage opened within the Thunderbird client. This poses significant security risks as it may allow attackers to manipulate user sessions or steal sensitive information.",Mozilla,Thunderbird,,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:56.867Z,0
CVE-2025-1020,https://securityvulnerability.io/vulnerability/CVE-2025-1020,Memory Safety Vulnerabilities in Firefox and Thunderbird by Mozilla,"Memory safety vulnerabilities in Firefox and Thunderbird versions prior to 135 have been identified, showcasing evidence of potential memory corruption issues. These vulnerabilities may allow for arbitrary code execution if successfully exploited. Users are strongly urged to upgrade to the latest versions to mitigate risks and ensure enhanced security.",Mozilla,"Firefox,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:56.390Z,0
CVE-2025-1017,https://securityvulnerability.io/vulnerability/CVE-2025-1017,Memory Safety Bugs in Firefox and Thunderbird Products by Mozilla,"The vulnerability involves memory safety bugs identified in multiple versions of Firefox and Thunderbird, including Firefox 134 and Thunderbird 134. These memory corruption issues present a significant risk, as they potentially allow attackers to execute arbitrary code through specially crafted content. Users are advised to upgrade to the latest versions, Firefox 135 and Thunderbird 135, to mitigate this risk. Mozilla has released patches that address these vulnerabilities in its advisory, urging users to protect their systems by maintaining the latest software updates.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:56.028Z,0
CVE-2025-1016,https://securityvulnerability.io/vulnerability/CVE-2025-1016,Memory Safety Bugs in Firefox and Thunderbird Affecting Multiple Versions,"Memory safety vulnerabilities have been identified in Firefox and Thunderbird that may allow attackers to exploit memory corruption issues. These flaws exist in versions before Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, and corresponding Thunderbird versions. If successfully exploited, these vulnerabilities could potentially lead to arbitrary code execution, posing a significant risk to user security. Users are advised to update their software to the latest versions to mitigate these risks.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:55.672Z,0
CVE-2025-0510,https://securityvulnerability.io/vulnerability/CVE-2025-0510,Email Spoofing Vulnerability in Mozilla Thunderbird Software,"A vulnerability has been identified in Mozilla Thunderbird where an incorrect sender address can be displayed if the From field of an email utilizes improper group name syntax. This issue impacts versions of Thunderbird prior to 128.7 and 135, potentially misleading users by obscuring the true origin of an email. Such email spoofing can lead to phishing attempts and unauthorized access to sensitive information, emphasizing the importance of utilizing updated software to mitigate security risks.",Mozilla,Thunderbird,,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:55.320Z,0
CVE-2025-1014,https://securityvulnerability.io/vulnerability/CVE-2025-1014,Insufficient Certificate Length Validation in Mozilla Products,"This vulnerability arises from the failure to validate certificate lengths when added to the certificate store in Mozilla products. Trusted data should ideally be checked thoroughly; however, in this case, the lack of proper length validation led to potential security risks for users operating versions of Firefox and Thunderbird below the specified thresholds. Users are advised to upgrade their software to mitigate potential exploitation.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:54.940Z,0
CVE-2025-1013,https://securityvulnerability.io/vulnerability/CVE-2025-1013,Race Condition Leads to Privacy Leak in Mozilla Products,"A race condition in Mozilla's Firefox and Thunderbird products may allow private browsing tabs to unintentionally open in standard browsing windows. This behavior can result in confidential information being exposed, potentially compromising user privacy. Affected versions include Firefox versions prior to 135, Firefox ESR below 128.7, and Thunderbird versions under 128.7 and 135. Users are advised to update their applications to the latest versions to mitigate this risk.",Mozilla,"Firefox,Firefox Esr,Thunderbird",6.5,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:54.445Z,0
CVE-2025-1019,https://securityvulnerability.io/vulnerability/CVE-2025-1019,Spoofing Vulnerability in Firefox and Thunderbird,"A vulnerability allows for the manipulation of the z-order of browser windows, which can conceal fullscreen notifications. This condition may enable attackers to exploit the flaw by conducting spoofing attacks, potentially deceiving users into believing they are interacting with legitimate interfaces. Affected versions include Firefox and Thunderbird prior to version 135.",Mozilla,"Firefox,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:54.064Z,0
CVE-2025-1012,https://securityvulnerability.io/vulnerability/CVE-2025-1012,Use-After-Free Vulnerability in Mozilla Firefox and Thunderbird Products,"A race condition during concurrent delazification in Mozilla Firefox and Thunderbird can result in a use-after-free scenario. This flaw occurs when specific versions of these products process certain memory operations simultaneously, leading to unpredictable behavior and potential exploitation. Users of Firefox versions earlier than 135 and specific versions of Firefox ESR and Thunderbird should be aware of this vulnerability and consider updating to secure versions available to mitigate possible risks.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:53.687Z,0
CVE-2025-1011,https://securityvulnerability.io/vulnerability/CVE-2025-1011,WebAssembly Code Generation Flaw in Mozilla Firefox and Thunderbird,"A flaw in the WebAssembly code generation process affects multiple versions of Mozilla Firefox and Thunderbird. Exploitation of this weakness may allow attackers to execute arbitrary code, potentially leading to crashes or unauthorized actions within the affected applications. Users of Firefox versions prior to 135 and Thunderbird versions prior to 135 or 128.7 are particularly at risk and should take immediate action to update their software to mitigate this vulnerability.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:53.239Z,0
CVE-2025-1018,https://securityvulnerability.io/vulnerability/CVE-2025-1018,Spoofing Issue in Mozilla Firefox and Thunderbird,"A vulnerability exists in Mozilla Firefox and Thunderbird where the fullscreen notification is hidden too quickly when the user re-requests fullscreen mode. This flaw could be exploited to execute potential spoofing attacks, compromising user trust and security. Users of Firefox version 135 and earlier, as well as Thunderbird version 135 and earlier, should take precautions to safeguard their systems from possible exploitation.",Mozilla,"Firefox,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:52.807Z,0
CVE-2025-1010,https://securityvulnerability.io/vulnerability/CVE-2025-1010,Use-After-Free Vulnerability in Mozilla Firefox and Thunderbird,"A vulnerability exists in the Custom Highlight API of Firefox and Thunderbird that allows an attacker to exploit a use-after-free condition. This flaw may result in a crash, potentially leading to further exploitation. Affected versions include specific releases of Firefox and Thunderbird prior to indicated versions. Users are urged to update their applications to mitigate the risks associated with this vulnerability.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:52.357Z,0
CVE-2025-1009,https://securityvulnerability.io/vulnerability/CVE-2025-1009,Use-After-Free Vulnerability in Firefox and Thunderbird Products by Mozilla,"A vulnerability exists in Mozilla's Firefox and Thunderbird products that could be exploited through crafted XSLT data, potentially leading to application crashes. Attackers may leverage this condition to disrupt services, highlighting the importance of maintaining updated versions to mitigate risks associated with this insecure implementation.",Mozilla,"Firefox,Firefox Esr,Thunderbird",,,0.01,false,,false,false,false,,false,false,false,,2025-02-04T13:58:51.928Z,0
CVE-2025-23720,https://securityvulnerability.io/vulnerability/CVE-2025-23720,Cross-Site Request Forgery in Mozilla Web Push leading to Stored XSS Exploit,"A Cross-Site Request Forgery (CSRF) vulnerability exists in Mozilla Web Push, which can be exploited to execute Stored Cross-Site Scripting (XSS) attacks. This flaw affects versions from n/a up to 1.4.0, allowing an attacker to craft malicious requests that can lead to unauthorized actions on behalf of the user, compromising web application security.",Mozilla,Web Push,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-16T20:06:48.634Z,0
CVE-2025-23109,https://securityvulnerability.io/vulnerability/CVE-2025-23109,Website Spoofing Vulnerability in Firefox for iOS,"This vulnerability allows malicious actors to exploit long hostnames within URLs, potentially disguising the true host of a website. By leveraging this technique, attackers can create deceptive links that may confuse users, leading them to believe they are engaging with legitimate websites when they are not. This issue specifically affects Firefox for iOS versions prior to 134, highlighting the need for users to ensure their software is up to date to mitigate the associated risks. Mozilla has released an advisory detailing this vulnerability and recommended updates.",Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-11T03:36:55.235Z,0
CVE-2025-23108,https://securityvulnerability.io/vulnerability/CVE-2025-23108,URL Spoofing Vulnerability in Firefox for iOS,"A security vulnerability in the Firefox for iOS browser allows malicious scripts to spoof the URL of new tabs when users open JavaScript links via long-press. This issue primarily affects versions of Firefox for iOS prior to version 134, potentially misleading users and exposing them to phishing attacks. Users are encouraged to update their browsers to the latest version to mitigate the risk associated with this vulnerability.",Mozilla,Firefox For iOS,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-11T03:36:53.989Z,0
CVE-2025-0243,https://securityvulnerability.io/vulnerability/CVE-2025-0243,Memory Safety Vulnerability in Mozilla's Firefox and Thunderbird Products,"Multiple memory safety bugs found in Firefox and Thunderbird could potentially be exploited for arbitrary code execution. These vulnerabilities are present in versions of Firefox 133 and earlier, Firefox ESR 128.5 and earlier, Thunderbird 133 and earlier, and Thunderbird ESR 128.5 and earlier. It is critical for users to update to the latest versions (Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird ESR 128.6) to mitigate potential security risks associated with these bugs.",Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",5.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0242,https://securityvulnerability.io/vulnerability/CVE-2025-0242,Memory Safety Bugs in Firefox and Thunderbird Affecting Mozilla Products,"Multiple memory safety vulnerabilities have been identified in Mozilla Firefox and Thunderbird, specifically in versions 133 and earlier. These vulnerabilities can lead to memory corruption, and while exploitation of these bugs is not guaranteed, they possess the potential to allow attackers to execute arbitrary code if successfully manipulated. The affected versions include Firefox and Thunderbird prior to version 134, as well as specific extended support releases (ESR) prior to versions 115.19 and 128.6. Users and administrators are recommended to upgrade to the latest versions to mitigate these risks.",Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0241,https://securityvulnerability.io/vulnerability/CVE-2025-0241,Memory Corruption Issue in Firefox and Thunderbird by Mozilla,"Mozilla's Firefox and Thunderbird products have a vulnerability where specially crafted text can cause memory corruption during segmentation. This exploitation might lead to crashes in affected versions, creating a potential attack vector for malicious actors. Security updates are recommended to mitigate this issue.",Mozilla,"Firefox,Firefox Esr,Thunderbird",7.7,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0246,https://securityvulnerability.io/vulnerability/CVE-2025-0246,Address Bar Spoofing Vulnerability in Firefox for Android by Mozilla,"A serious vulnerability exists in Firefox for Android that allows attackers to spoof the address bar when using an invalid protocol scheme. This could mislead users into believing they are interacting with a legitimate website, potentially leading to phishing attacks or information theft. It is crucial for users operating on Android systems to update to the latest Firefox version to prevent exploitation of this flaw.",Mozilla,Firefox,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0238,https://securityvulnerability.io/vulnerability/CVE-2025-0238,Firefox Vulnerability Could Lead to Exploitable Crash,"Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6.",Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,142
CVE-2025-0245,https://securityvulnerability.io/vulnerability/CVE-2025-0245,Authentication Bypass Vulnerability in Firefox by Mozilla,"An authentication bypass vulnerability exists in Firefox that allows users to circumvent the opt-in settings meant to require authentication before use. This issue affects versions of Firefox prior to 134. Malicious actors could exploit this flaw, leading to unauthorized access and the potential for data compromise.",Mozilla,Firefox,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0244,https://securityvulnerability.io/vulnerability/CVE-2025-0244,Address Bar Spoofing Vulnerability in Firefox for Android,"A vulnerability exists in Firefox for Android that allows attackers to spoof the browser's address bar when redirecting to an invalid protocol scheme. This may mislead users by presenting a falsified URL, thereby jeopardizing their security. Only users of Firefox versions below 134 on Android devices are affected. Other operating systems and Firefox versions remain unaffected, highlighting the need for vigilance in mobile browsing.",Mozilla,Firefox,,,0.0006099999882280827,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0247,https://securityvulnerability.io/vulnerability/CVE-2025-0247,Memory Safety Vulnerability in Firefox and Thunderbird Products by Mozilla,"A set of memory safety issues have been identified in Firefox and Thunderbird versions prior to 134. These issues enable the potential for memory corruption, which could be exploited maliciously to execute arbitrary code if sufficiently exploited. Mozilla has addressed these vulnerabilities in the updated releases, 134, for both products. Users are highly encouraged to update their software to the latest version to mitigate the risks associated with these memory safety bugs.",Mozilla,"Firefox,Thunderbird",8.8,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0
CVE-2025-0239,https://securityvulnerability.io/vulnerability/CVE-2025-0239,Certificate Validation Flaw in Mozilla Products Affects Firefox and Thunderbird,A vulnerability affecting Mozilla's Firefox and Thunderbird involves improper validation of certificates triggered by Alt-Svc and ALPN when redirecting from a secure to an insecure server. This flaw potentially exposes users to risks as it might allow malicious entities to intercept or manipulate data without being detected. Users of affected versions are advised to prioritize upgrades to protect themselves against potential exploitation.,Mozilla,"Firefox,Firefox Esr,Thunderbird,Thunderbird Esr",4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T16:15:00.000Z,0