VDB

GCVE-110-NCSC-2025-40

GCVE-110-NCSC-2025-40
Advisory PublishedCVSS 9.8/10
Vulnetix · Advisory published February 7, 2025
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Weaknesses (CWE)

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-1021Improper Restriction of Rendered UI Layers or FramesCWE-416Use After FreeCWE-404Improper Resource Shutdown or ReleaseCWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')CWE-295Improper Certificate ValidationCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Risk Scores

CVSS 3.1
9.8/10
Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
mozillafirefox_esr
mozillafirefox
mozillathunderbird

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›