cvelistv5 - cve-2025-0245

cve-2025-0245

Vulnerability from cvelistv5

Published

2025-01-07 16:07

Modified

2025-01-08 15:44

Severity ?

3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134.

References

▼	URL	Tags
	security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1895342
	security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-01/

Impacted products

	Vendor	Product	Version
	Mozilla	Firefox	Version: unspecified < 134

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 3.3,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-0245",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-08T15:32:24.869675Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-08T15:44:53.357Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "134",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jurrie Overgoor"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox \u003c 134."
            }
          ],
          "value": "Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox \u003c 134."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Lock screen setting bypass in Firefox Focus for Android",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-07T16:07:05.265Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895342"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-0245",
    "datePublished": "2025-01-07T16:07:05.265Z",
    "dateReserved": "2025-01-06T14:49:15.655Z",
    "dateUpdated": "2025-01-08T15:44:53.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-0245\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2025-01-07T16:15:39.167\",\"lastModified\":\"2025-01-08T16:15:37.693\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox \u003c 134.\"},{\"lang\":\"es\",\"value\":\"En determinadas circunstancias, se podr\u00eda haber omitido una configuraci\u00f3n de usuario que obligaba a Focus a solicitar autenticaci\u00f3n antes de su uso. Esta vulnerabilidad afecta a Firefox \u0026lt; 134.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1895342\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-01/\",\"source\":\"security@mozilla.org\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0245\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-08T15:32:24.869675Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-08T15:44:48.935Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Jurrie Overgoor\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"134\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1895342\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2025-01/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox \u003c 134.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox \u003c 134.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Lock screen setting bypass in Firefox Focus for Android\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2025-01-07T16:07:05.265Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-0245\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-08T15:44:53.357Z\", \"dateReserved\": \"2025-01-06T14:49:15.655Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2025-01-07T16:07:05.265Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

wid-sec-w-2025-0026

Vulnerability from csaf_certbund

Published

2025-01-07 23:00

Modified

2025-01-19 23:00

Summary

Mozilla Firefox, Firefox ESR und Thunderbird: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Firefox ist ein Open Source Web Browser. ESR ist die Variante mit verlängertem Support. Thunderbird ist ein Open Source E-Mail Client.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox, Firefox ESR und Thunderbird ausnutzen, um seine Privilegien zu erhöhen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, Sicherheitsmaßnahmen zu umgehen oder Spoofing-Angriffe durchzuführen.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Firefox ist ein Open Source Web Browser.\r\nESR ist die Variante mit verl\u00e4ngertem Support.\r\nThunderbird ist ein Open Source E-Mail Client.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox, Firefox ESR und Thunderbird ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, Sicherheitsma\u00dfnahmen zu umgehen oder Spoofing-Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0026 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0026.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0026 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0026"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory 2025-01 vom 2025-01-07",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory 2025-02 vom 2025-01-07",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/"
      },
      {
        "category": "external",
        "summary": "Mozilla Foundation Security Advisory 2025-03 vom 2025-01-07",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-03/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0080 vom 2025-01-08",
        "url": "https://access.redhat.com/errata/RHSA-2025:0080"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0135 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0135"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5839 vom 2025-01-08",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00000.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0147 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0147"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0137 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0137"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0144 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0144"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0134 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0134"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7191-1 vom 2025-01-09",
        "url": "https://ubuntu.com/security/notices/USN-7191-1"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:14619-1 vom 2025-01-08",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/LKLU2J7H4YLXHVAZAROZZL5CYOTGOZOX/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0136 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0136"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0138 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0138"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0132 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0132"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0133 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0133"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory MFSA2025-04 vom 2025-01-09",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04/"
      },
      {
        "category": "external",
        "summary": "Mozilla Security Advisory MFSA2025-05 vom 2025-01-09",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0162 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0162"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0166 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0166"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0165 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0165"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0167 vom 2025-01-09",
        "url": "https://access.redhat.com/errata/RHSA-2025:0167"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0056-1 vom 2025-01-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020078.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2025-91031F9DF9 vom 2025-01-09",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-91031f9df9"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0059-1 vom 2025-01-10",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/6WDZ4I2RM65AJXNTZMQQW3L2FNG4LVJS/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4012 vom 2025-01-11",
        "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-0144 vom 2025-01-11",
        "url": "http://linux.oracle.com/errata/ELSA-2025-0144.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2025:0144 vom 2025-01-11",
        "url": "https://errata.build.resf.org/RLSA-2025:0144"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4011 vom 2025-01-11",
        "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00003.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-0147 vom 2025-01-11",
        "url": "http://linux.oracle.com/errata/ELSA-2025-0147.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5841 vom 2025-01-10",
        "url": "https://lists.debian.org/debian-security-announce/2025/msg00002.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-0080 vom 2025-01-11",
        "url": "http://linux.oracle.com/errata/ELSA-2025-0080.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0287 vom 2025-01-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:0287"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0286 vom 2025-01-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:0286"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0284 vom 2025-01-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:0284"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0281 vom 2025-01-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:0281"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2025:0275 vom 2025-01-13",
        "url": "https://access.redhat.com/errata/RHSA-2025:0275"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0080-1 vom 2025-01-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/3TLV52643D5O3CTQECGW2XT2WTYPVUM3/"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:14630-1 vom 2025-01-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GF5AMCD43NSPZ373YVOYZALNIIIRXFV4/"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-0281 vom 2025-01-14",
        "url": "http://linux.oracle.com/errata/ELSA-2025-0281.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:14648-1 vom 2025-01-16",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/Q2BXA7IOGMK76W2OZSY2IVZEHTAOGRVP/"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2025:0281 vom 2025-01-17",
        "url": "https://errata.build.resf.org/RLSA-2025:0281"
      }
    ],
    "source_lang": "en-US",
    "title": "Mozilla Firefox, Firefox ESR und Thunderbird: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-01-19T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-20T09:18:23.474+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2025-0026",
      "initial_release_date": "2025-01-07T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-01-07T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-01-08T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Mozilla, Red Hat, Debian, Ubuntu und openSUSE aufgenommen"
        },
        {
          "date": "2025-01-09T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat, SUSE und Fedora aufgenommen"
        },
        {
          "date": "2025-01-12T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian, Oracle Linux und Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2025-01-13T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE, openSUSE und Oracle Linux aufgenommen"
        },
        {
          "date": "2025-01-16T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von openSUSE aufgenommen"
        },
        {
          "date": "2025-01-19T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c134",
                "product": {
                  "name": "Mozilla Firefox \u003c134",
                  "product_id": "T040047"
                }
              },
              {
                "category": "product_version",
                "name": "134",
                "product": {
                  "name": "Mozilla Firefox 134",
                  "product_id": "T040047-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox:134"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c115.19",
                "product": {
                  "name": "Mozilla Firefox ESR \u003c115.19",
                  "product_id": "T040048"
                }
              },
              {
                "category": "product_version",
                "name": "115.19",
                "product": {
                  "name": "Mozilla Firefox ESR 115.19",
                  "product_id": "T040048-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox_esr:115.19"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c128.6",
                "product": {
                  "name": "Mozilla Firefox ESR \u003c128.6",
                  "product_id": "T040049"
                }
              },
              {
                "category": "product_version",
                "name": "128.6",
                "product": {
                  "name": "Mozilla Firefox ESR 128.6",
                  "product_id": "T040049-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:firefox_esr:128.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Firefox ESR"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c134",
                "product": {
                  "name": "Mozilla Thunderbird \u003c134",
                  "product_id": "T040100"
                }
              },
              {
                "category": "product_version",
                "name": "134",
                "product": {
                  "name": "Mozilla Thunderbird 134",
                  "product_id": "T040100-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:thunderbird:134"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cESR 128.6",
                "product": {
                  "name": "Mozilla Thunderbird \u003cESR 128.6",
                  "product_id": "T040105"
                }
              },
              {
                "category": "product_version",
                "name": "ESR 128.6",
                "product": {
                  "name": "Mozilla Thunderbird ESR 128.6",
                  "product_id": "T040105-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:mozilla:thunderbird:esr_128.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Thunderbird"
          }
        ],
        "category": "vendor",
        "name": "Mozilla"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-0237",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Thunderbird. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen aufgrund verschiedener Sicherheitsprobleme, darunter ein Use-after-free, eine unsachgem\u00e4\u00dfe Eingabevalidierung und andere. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, Sicherheitsma\u00dfnahmen zu umgehen oder Spoofing-Angriffe durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "T040105",
          "T040049",
          "T040048",
          "T040047",
          "T040100"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-0237"
    },
    {
      "cve": "CVE-2025-0238",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Thunderbird. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen aufgrund verschiedener Sicherheitsprobleme, darunter ein Use-after-free, eine unsachgem\u00e4\u00dfe Eingabevalidierung und andere. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, Sicherheitsma\u00dfnahmen zu umgehen oder Spoofing-Angriffe durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "T040105",
          "T040049",
          "T040048",
          "T040047",
          "T040100"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-0238"
    },
    {
      "cve": "CVE-2025-0239",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Thunderbird. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen aufgrund verschiedener Sicherheitsprobleme, darunter ein Use-after-free, eine unsachgem\u00e4\u00dfe Eingabevalidierung und andere. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, Sicherheitsma\u00dfnahmen zu umgehen oder Spoofing-Angriffe durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "T040105",
          "T040049",
          "T040048",
          "T040047",
          "T040100"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-0239"
    },
    {
      "cve": "CVE-2025-0240",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Thunderbird. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen aufgrund verschiedener Sicherheitsprobleme, darunter ein Use-after-free, eine unsachgem\u00e4\u00dfe Eingabevalidierung und andere. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, Sicherheitsma\u00dfnahmen zu umgehen oder Spoofing-Angriffe durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "T040105",
          "T040049",
          "T040048",
          "T040047",
          "T040100"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-0240"
    },
    {
      "cve": "CVE-2025-0241",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Thunderbird. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen aufgrund verschiedener Sicherheitsprobleme, darunter ein Use-after-free, eine unsachgem\u00e4\u00dfe Eingabevalidierung und andere. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, Sicherheitsma\u00dfnahmen zu umgehen oder Spoofing-Angriffe durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "T040105",
          "T040049",
          "T040048",
          "T040047",
          "T040100"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-0241"
    },
    {
      "cve": "CVE-2025-0242",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Thunderbird. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen aufgrund verschiedener Sicherheitsprobleme, darunter ein Use-after-free, eine unsachgem\u00e4\u00dfe Eingabevalidierung und andere. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, Sicherheitsma\u00dfnahmen zu umgehen oder Spoofing-Angriffe durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "T040105",
          "T040049",
          "T040048",
          "T040047",
          "T040100"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-0242"
    },
    {
      "cve": "CVE-2025-0243",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Thunderbird. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen aufgrund verschiedener Sicherheitsprobleme, darunter ein Use-after-free, eine unsachgem\u00e4\u00dfe Eingabevalidierung und andere. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, Sicherheitsma\u00dfnahmen zu umgehen oder Spoofing-Angriffe durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "T040105",
          "T040049",
          "T040048",
          "T040047",
          "T040100"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-0243"
    },
    {
      "cve": "CVE-2025-0244",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Thunderbird. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen aufgrund verschiedener Sicherheitsprobleme, darunter ein Use-after-free, eine unsachgem\u00e4\u00dfe Eingabevalidierung und andere. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, Sicherheitsma\u00dfnahmen zu umgehen oder Spoofing-Angriffe durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "T040105",
          "T040049",
          "T040048",
          "T040047",
          "T040100"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-0244"
    },
    {
      "cve": "CVE-2025-0245",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Thunderbird. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen aufgrund verschiedener Sicherheitsprobleme, darunter ein Use-after-free, eine unsachgem\u00e4\u00dfe Eingabevalidierung und andere. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, Sicherheitsma\u00dfnahmen zu umgehen oder Spoofing-Angriffe durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "T040105",
          "T040049",
          "T040048",
          "T040047",
          "T040100"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-0245"
    },
    {
      "cve": "CVE-2025-0246",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Thunderbird. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen aufgrund verschiedener Sicherheitsprobleme, darunter ein Use-after-free, eine unsachgem\u00e4\u00dfe Eingabevalidierung und andere. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, Sicherheitsma\u00dfnahmen zu umgehen oder Spoofing-Angriffe durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "T040105",
          "T040049",
          "T040048",
          "T040047",
          "T040100"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-0246"
    },
    {
      "cve": "CVE-2025-0247",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Mozilla Firefox, Mozilla Firefox ESR und Thunderbird. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen aufgrund verschiedener Sicherheitsprobleme, darunter ein Use-after-free, eine unsachgem\u00e4\u00dfe Eingabevalidierung und andere. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um erweiterte Rechte zu erlangen, beliebigen Code auszuf\u00fchren, vertrauliche Informationen preiszugeben, Sicherheitsma\u00dfnahmen zu umgehen oder Spoofing-Angriffe durchzuf\u00fchren. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T004914",
          "T032255",
          "74185",
          "2951",
          "T002207",
          "T000126",
          "T027843",
          "T040105",
          "T040049",
          "T040048",
          "T040047",
          "T040100"
        ]
      },
      "release_date": "2025-01-07T23:00:00.000+00:00",
      "title": "CVE-2025-0247"
    }
  ]
}

ghsa-2g52-qw8q-wfr9

Vulnerability from github

Published

2025-01-07 18:30

Modified

2025-01-08 18:30

Severity ?

3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-0245"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-07T16:15:39Z",
    "severity": "LOW"
  },
  "details": "Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox \u003c 134.",
  "id": "GHSA-2g52-qw8q-wfr9",
  "modified": "2025-01-08T18:30:48Z",
  "published": "2025-01-07T18:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0245"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895342"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

ncsc-2025-0016

Vulnerability from csaf_ncscnl

Published

2025-01-15 11:47

Modified

2025-01-15 11:47

Summary

Kwetsbaarheden verholpen in Mozilla Firefox en Thunderbird

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Mozilla heeft kwetsbaarheden verholpen in Firefox en Thunderbird (Specifiek voor versies onder 134 en 128.6).

Interpretaties

De kwetsbaarheden omvatten onder andere client-side path traversal, privilege escalation en use-after-free condities. Deze kwetsbaarheden kunnen door kwaadwillenden worden misbruikt om ongeautoriseerde toegang te verkrijgen, crashes te veroorzaken of mogelijkerwijze willekeurige code uit te voeren.

Oplossingen

Mozilla heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-441

Unintended Proxy or Intermediary ('Confused Deputy')

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE-451

User Interface (UI) Misrepresentation of Critical Information

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-416

Use After Free

CWE-295

Improper Certificate Validation

CWE-863

Incorrect Authorization

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-787

Out-of-bounds Write

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-20

Improper Input Validation

CWE-346

Origin Validation Error

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Mozilla heeft kwetsbaarheden verholpen in Firefox en Thunderbird (Specifiek voor versies onder 134 en 128.6).",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten onder andere client-side path traversal, privilege escalation en use-after-free condities. Deze kwetsbaarheden kunnen door kwaadwillenden worden misbruikt om ongeautoriseerde toegang te verkrijgen, crashes te veroorzaken of mogelijkerwijze willekeurige code uit te voeren.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Mozilla heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
        "title": "CWE-441"
      },
      {
        "category": "general",
        "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
        "title": "CWE-601"
      },
      {
        "category": "general",
        "text": "Authentication Bypass Using an Alternate Path or Channel",
        "title": "CWE-288"
      },
      {
        "category": "general",
        "text": "User Interface (UI) Misrepresentation of Critical Information",
        "title": "CWE-451"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Improper Certificate Validation",
        "title": "CWE-295"
      },
      {
        "category": "general",
        "text": "Incorrect Authorization",
        "title": "CWE-863"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
        "title": "CWE-120"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Origin Validation Error",
        "title": "CWE-346"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - certbundde",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-06/"
      },
      {
        "category": "external",
        "summary": "Reference - certbundde",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-05/"
      },
      {
        "category": "external",
        "summary": "Reference - certbundde",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-04/"
      },
      {
        "category": "external",
        "summary": "Reference - certbundde",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-03/"
      },
      {
        "category": "external",
        "summary": "Reference - certbundde",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/"
      },
      {
        "category": "external",
        "summary": "Reference - certbundde",
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Mozilla Firefox en Thunderbird",
    "tracking": {
      "current_release_date": "2025-01-15T11:47:27.276959Z",
      "id": "NCSC-2025-0016",
      "initial_release_date": "2025-01-15T11:47:27.276959Z",
      "revision_history": [
        {
          "date": "2025-01-15T11:47:27.276959Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "firefox",
            "product": {
              "name": "firefox",
              "product_id": "CSAFPID-2331",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "firefox",
            "product": {
              "name": "firefox",
              "product_id": "CSAFPID-1748410",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:firefox:134:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "firefox",
            "product": {
              "name": "firefox",
              "product_id": "CSAFPID-1748411",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:firefox:134:*:*:*:*:android:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "firefox",
            "product": {
              "name": "firefox",
              "product_id": "CSAFPID-1749023",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:firefox:134:*:*:*:*:ios:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "firefox_esr",
            "product": {
              "name": "firefox_esr",
              "product_id": "CSAFPID-2332",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "firefox_esr",
            "product": {
              "name": "firefox_esr",
              "product_id": "CSAFPID-1748414",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:firefox_esr:115.19:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "firefox_esr",
            "product": {
              "name": "firefox_esr",
              "product_id": "CSAFPID-1748413",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:firefox_esr:128.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "firefox_esr",
            "product": {
              "name": "firefox_esr",
              "product_id": "CSAFPID-1611465",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:firefox_esr:128:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "firefox_for_ios",
            "product": {
              "name": "firefox_for_ios",
              "product_id": "CSAFPID-2345",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:firefox_for_ios:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "thunderbird",
            "product": {
              "name": "thunderbird",
              "product_id": "CSAFPID-2333",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "thunderbird",
            "product": {
              "name": "thunderbird",
              "product_id": "CSAFPID-1749090",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:thunderbird:128.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "thunderbird",
            "product": {
              "name": "thunderbird",
              "product_id": "CSAFPID-1748633",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:thunderbird:134:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "thunderbird_esr",
            "product": {
              "name": "thunderbird_esr",
              "product_id": "CSAFPID-1498857",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:thunderbird_esr:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "thunderbird_esr",
            "product": {
              "name": "thunderbird_esr",
              "product_id": "CSAFPID-1748632",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:mozilla:thunderbird_esr:128.6:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "mozilla"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-50336",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2333"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50336",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50336.json"
        }
      ],
      "title": "CVE-2024-50336"
    },
    {
      "cve": "CVE-2025-0237",
      "cwe": {
        "id": "CWE-863",
        "name": "Incorrect Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "other",
          "text": "Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
          "title": "CWE-441"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2331",
          "CSAFPID-2332",
          "CSAFPID-2333",
          "CSAFPID-1498857"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-0237",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0237.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2331",
            "CSAFPID-2332",
            "CSAFPID-2333",
            "CSAFPID-1498857"
          ]
        }
      ],
      "title": "CVE-2025-0237"
    },
    {
      "cve": "CVE-2025-0238",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2331",
          "CSAFPID-2332",
          "CSAFPID-2333",
          "CSAFPID-1498857"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-0238",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0238.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2331",
            "CSAFPID-2332",
            "CSAFPID-2333",
            "CSAFPID-1498857"
          ]
        }
      ],
      "title": "CVE-2025-0238"
    },
    {
      "cve": "CVE-2025-0239",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        },
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2331",
          "CSAFPID-2332",
          "CSAFPID-2333",
          "CSAFPID-1498857"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-0239",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0239.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2331",
            "CSAFPID-2332",
            "CSAFPID-2333",
            "CSAFPID-1498857"
          ]
        }
      ],
      "title": "CVE-2025-0239"
    },
    {
      "cve": "CVE-2025-0240",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2331",
          "CSAFPID-2332",
          "CSAFPID-2333",
          "CSAFPID-1498857"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-0240",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0240.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2331",
            "CSAFPID-2332",
            "CSAFPID-2333",
            "CSAFPID-1498857"
          ]
        }
      ],
      "title": "CVE-2025-0240"
    },
    {
      "cve": "CVE-2025-0241",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2331",
          "CSAFPID-2332",
          "CSAFPID-2333",
          "CSAFPID-1498857"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-0241",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0241.json"
        }
      ],
      "title": "CVE-2025-0241"
    },
    {
      "cve": "CVE-2025-0242",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
          "title": "CWE-120"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2331",
          "CSAFPID-2332",
          "CSAFPID-2333",
          "CSAFPID-1498857"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-0242",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0242.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2331",
            "CSAFPID-2332",
            "CSAFPID-2333",
            "CSAFPID-1498857"
          ]
        }
      ],
      "title": "CVE-2025-0242"
    },
    {
      "cve": "CVE-2025-0243",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
          "title": "CWE-120"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2331",
          "CSAFPID-2332",
          "CSAFPID-2333",
          "CSAFPID-1498857"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-0243",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0243.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2331",
            "CSAFPID-2332",
            "CSAFPID-2333",
            "CSAFPID-1498857"
          ]
        }
      ],
      "title": "CVE-2025-0243"
    },
    {
      "cve": "CVE-2025-0244",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
          "title": "CWE-601"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "User Interface (UI) Misrepresentation of Critical Information",
          "title": "CWE-451"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2331",
          "CSAFPID-2332",
          "CSAFPID-2333"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-0244",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0244.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2331",
            "CSAFPID-2332",
            "CSAFPID-2333"
          ]
        }
      ],
      "title": "CVE-2025-0244"
    },
    {
      "cve": "CVE-2025-0245",
      "cwe": {
        "id": "CWE-288",
        "name": "Authentication Bypass Using an Alternate Path or Channel"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authentication Bypass Using an Alternate Path or Channel",
          "title": "CWE-288"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2331",
          "CSAFPID-2332",
          "CSAFPID-2333"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-0245",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0245.json"
        }
      ],
      "title": "CVE-2025-0245"
    },
    {
      "cve": "CVE-2025-0246",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "User Interface (UI) Misrepresentation of Critical Information",
          "title": "CWE-451"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2331",
          "CSAFPID-2332",
          "CSAFPID-2333"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-0246",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0246.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2331",
            "CSAFPID-2332",
            "CSAFPID-2333"
          ]
        }
      ],
      "title": "CVE-2025-0246"
    },
    {
      "cve": "CVE-2025-0247",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
          "title": "CWE-120"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2331",
          "CSAFPID-2332",
          "CSAFPID-2333"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-0247",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-0247.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2331",
            "CSAFPID-2332",
            "CSAFPID-2333"
          ]
        }
      ],
      "title": "CVE-2025-0247"
    },
    {
      "cve": "CVE-2025-23108",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2345",
          "CSAFPID-2331"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-23108",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23108.json"
        }
      ],
      "title": "CVE-2025-23108"
    },
    {
      "cve": "CVE-2025-23109",
      "cwe": {
        "id": "CWE-346",
        "name": "Origin Validation Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Origin Validation Error",
          "title": "CWE-346"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2345",
          "CSAFPID-2331"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-23109",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-23109.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2345",
            "CSAFPID-2331"
          ]
        }
      ],
      "title": "CVE-2025-23109"
    }
  ]
}

fkie_cve-2025-0245

Vulnerability from fkie_nvd

Published

2025-01-07 16:15

Modified

2025-01-08 16:15

Severity ?

3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Summary

Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134.

References

▼	URL	Tags
	security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1895342
	security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-01/

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox \u003c 134."
    },
    {
      "lang": "es",
      "value": "En determinadas circunstancias, se podr\u00eda haber omitido una configuraci\u00f3n de usuario que obligaba a Focus a solicitar autenticaci\u00f3n antes de su uso. Esta vulnerabilidad afecta a Firefox \u0026lt; 134."
    }
  ],
  "id": "CVE-2025-0245",
  "lastModified": "2025-01-08T16:15:37.693",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-07T16:15:39.167",
  "references": [
    {
      "source": "security@mozilla.org",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895342"
    },
    {
      "source": "security@mozilla.org",
      "url": "https://www.mozilla.org/security/advisories/mfsa2025-01/"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Awaiting Analysis"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2025-0245

Vulnerability from cvelistv5

wid-sec-w-2025-0026

Vulnerability from csaf_certbund

ghsa-2g52-qw8q-wfr9

Vulnerability from github

ncsc-2025-0016

Vulnerability from csaf_ncscnl

fkie_cve-2025-0245

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature