VDB

GCVE-110-NCSC-2025-142

GCVE-110-NCSC-2025-142
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published May 6, 2025
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Weaknesses (CWE)

CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-125Out-of-bounds ReadCWE-284Improper Access ControlCWE-138Improper Neutralization of Special ElementsCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-1021Improper Restriction of Rendered UI Layers or FramesCWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
Mozillavers:mozilla/<128.10
Mozillavers:mozilla/<115.23
Mozillavers:mozilla/<138

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›