VDB

GCVE-110-NCSC-2025-16

GCVE-110-NCSC-2025-16
Advisory PublishedCVSS 6.8/10
Vulnetix · Advisory published January 15, 2025
Mozilla heeft kwetsbaarheden verholpen in Firefox en Thunderbird (Specifiek voor versies onder 134 en 128.6).

Weaknesses (CWE)

CWE-346Origin Validation ErrorCWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-863Incorrect AuthorizationCWE-416Use After FreeCWE-295Improper Certificate ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds WriteCWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-288Authentication Bypass Using an Alternate Path or ChannelCWE-20Improper Input ValidationCWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Risk Scores

CVSS 3.1
6.8/10
Medium · CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersionsPlatforms
mozillafirefox_esr
mozillafirefox_for_ios
mozillafirefox
mozillathunderbird_esr
mozillathunderbird

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›