GCVE-VVD-NCSC-2025-325 — Vulnetix

GCVE-VVD-NCSC-2025-325

Advisory PublishedCVSS 9.8/10

Vulnetix · Advisory published October 20, 2025

A use-after-free vulnerability in MediaTrackGraphImpl::GetInstance() affects Firefox and Thunderbird versions below 144, with specific ESR versions also impacted, as assessed by Red Hat Product Security.

Download JSON Open in Console

Weaknesses (CWE)

CWE-416Use After FreeCWE-125Out-of-bounds ReadCWE-497Exposure of Sensitive System Information to an Unauthorized Control SphereCWE-284Improper Access ControlCWE-436Interpretation ConflictCWE-88Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-200Exposure of Sensitive Information to an Unauthorized ActorCWE-451User Interface (UI) Misrepresentation of Critical Information

Risk Scores

CVSS 3.1

9.8/10

Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions	Platforms
Mozilla	vers:unknown/*	—	—

Aliases

CVE-2025-11711 CVE-2025-11710 CVE-2025-11709 CVE-2025-11721 CVE-2025-11716 CVE-2025-11717 CVE-2025-11712 CVE-2025-11718 CVE-2025-11719 CVE-2025-11713 CVE-2025-11708 CVE-2025-11720 CVE-2025-11714 CVE-2025-11715

Transitive aliases

VVD-ANCHORE-2025-10535 GHSA-2w9w-fgq6-2vmc ALSA-2025:18321 CVE-2025-10528 VVD-ANCHORE-2025-10529 CVE-2025-13024 VVD-ANCHORE-2025-13016 GHSA-hmr9-3q48-52hr BDU:2025-13289 GHSA-74x5-q3v4-qjxx BDU:2025-14547 CNVD-2025-24634 BDU:2025-14508 GHSA-pwc5-5wfj-q75c CVE-2025-10532 SUSE-SU-2025:03291-1 CNVD-2025-24652 VVD-MAGEIA-2025-305 CVE-2025-10527 ALSA-2025:16108 OPENSUSE-SU-2025:20021-1 GHSA-9qv5-m6vr-vh73 VVD-ANCHORE-2025-10537 ALSA-2025:18155 GHSA-hjv3-x37x-j8jm WID-SEC-W-2025-2275 RHSA-2025:17345 OPENSUSE-SU-2025:15555-1 BDU:2025-11383 CVE-2025-13027 BDU:2025-14545 VVD-ANCHORE-2025-13026 RHSA-2025:17340 GHSA-gwf4-vcvc-4rjv BDU:2025-14510 VVD-ANCHORE-2025-11712 CVE-2025-13013 CVE-2025-13015 BDU:2025-14544 CVE-2025-10536 VVD-ANCHORE-2025-10532 BDU:2025-13292 VVD-ANCHORE-2025-11709 CNVD-2025-24620 RHSA-2025:16260 RHSA-2025:17372 CNVD-2025-24636 GHSA-wjhw-rxqj-2g2h VVD-ANCHORE-2025-10533 CVE-2025-13019 BDU:2025-11384 ALSA-2025:21881 VVD-ANCHORE-2025-13012 BDU:2025-11334 OPENSUSE-SU-2025:20065-1 GHSA-h7jc-cc8w-wcwg GHSA-2p9h-v8v8-2j3w ALSA-2025:16260 GHSA-f2wr-3fjg-j32f GHSA-pww6-475j-f225 CVE-2025-10290 VVD-ANCHORE-2025-10527 VVD-ANCHORE-2025-11708 RHSA-2025:16589 BDU:2025-11378 BDU:2025-14550 VVD-ANCHORE-2025-10530 GHSA-rf6g-cf9f-g4v7 VVD-ANCHORE-2025-11714 RHSA-2025:17371 GHSA-5qj7-cv36-4gxh CNVD-2025-24651 VVD-ANCHORE-2025-13019 RHSA-2025:17373 GHSA-2w7r-ggfp-x894 BDU:2025-14509 CVE-2025-13018 NCSC-2025-0325 OPENSUSE-SU-2025-20021-1 OPENSUSE-SU-2025:15735-1 ALSA-2025:22363 VVD-ANCHORE-2025-13015 GHSA-v5ww-rww6-gq76 ALSA-2025:21281 GHSA-8q64-5xmq-2f45 VVD-ANCHORE-2025-13014 CVE-2025-10530 VVD-MAGEIA-2025-300 VVD-ANCHORE-2025-13023 VVD-ANCHORE-2025-11710 GHSA-cqj3-wx7w-jfx6 BDU:2025-14553 CVE-2025-13014 OPENSUSE-SU-2025:15560-1 BDU:2025-11381 CNVD-2025-26890 CNVD-2025-28722 GHSA-mv5g-cf64-38cv VVD-ANCHORE-2025-11715 RHSA-2025:16157 ALSA-2025:18285 BDU:2025-11332 VVD-ANCHORE-2025-13024 WID-SEC-W-2025-2074 ALSA-2025:16156 GHSA-jcc8-69x6-295g GHSA-vpvq-m4pf-x2cp ALSA-2025:21280 VVD-ANCHORE-2025-10534 VVD-ANCHORE-2025-13025 OPENSUSE-SU-2025-20065-1 VVD-ANCHORE-2025-11713 CVE-2025-13021 GHSA-v7r3-hxvj-7w2p CNVD-2025-24637 RHSA-2025:17341 CVE-2025-10531 SUSE-SU-2025:03287-1 GHSA-5vxr-wr7m-x3p3 GHSA-ff52-484q-63r5 GHSA-wvmm-cxmc-39xj GHSA-vcwp-4m7w-hxfh SUSE-SU-2025:21021-1 BDU:2025-11377 GHSA-75p5-w5j4-v8qj CVE-2025-10529 CVE-2025-13012 VVD-ANCHORE-2025-10536 VVD-MAGEIA-2025-246 CVE-2025-13016 RHSA-2025:16156 RHSA-2025:17342 BDU:2025-11379 VVD-ANCHORE-2025-13013 GHSA-63qq-765j-587x RHSA-2025:17344 CVE-2025-13022 GHSA-8prr-wp36-5mv2 CNVD-2025-24639 GHSA-mqxv-fv77-3585 BDU:2025-13250 VVD-ANCHORE-2025-11716 GHSA-579p-jcg6-h5r2 CVE-2025-13025 VVD-ANCHORE-2025-13020 ALSA-2025:16589 BDU:2025-11380 CNVD-2025-24653 VVD-MAGEIA-2025-247 RHSA-2025:17374 BDU:2025-11382 GHSA-2q3p-f6j6-9qhj BDU:2025-14087 CNVD-2025-28723 VVD-ANCHORE-2025-11711 CVE-2025-13017 CVE-2025-13020 RHSA-2025:17343 RHSA-2025:16108 GHSA-ghxv-675w-53v8 BDU:2025-14554 GHSA-pvxc-5v6m-8cm2 VVD-ANCHORE-2025-13017 VVD-ANCHORE-2025-13018 GHSA-53qc-r462-795h RHSA-2025:17367 CNVD-2025-24629 GHSA-wjv8-8vf9-mrv8 CNVD-2025-24638 BDU:2025-14552 GHSA-p2g2-wp3h-q672 VVD-ANCHORE-2025-10531 GHSA-p8g8-q63w-8jgm CVE-2025-10533 CVE-2025-10534 ALSA-2025:16109 BDU:2025-14549 CNVD-2025-24635 GHSA-hjm2-5w4g-m8j2 GHSA-h6qg-7fq8-gw5h VVD-ANCHORE-2025-13021 ALSA-2025:18983 BDU:2025-13249 CNVD-2025-26891 GHSA-r25g-xjc5-pcrv CVE-2025-10535 SUSE-SU-2025:03309-1 OPENSUSE-SU-2025:15565-1 BDU:2025-14548 CNVD-2025-28720 BDU:2025-14538 RHSA-2025:17368 RHSA-2025:17378 RHSA-2025:17453 VVD-ANCHORE-2025-10528 GHSA-xp5g-gff9-qvvx ALSA-2025:18320 BDU:2025-13293 BDU:2025-13294 ALSA-2025:21843 VVD-ANCHORE-2025-13027 CNVD-2025-24646 WID-SEC-W-2025-2566 CVE-2025-13026 RHSA-2025:17346 CVE-2025-13023 BDU:2025-14551 BDU:2025-14088 BDU:2025-13290 BDU:2025-13288 CVE-2025-10537 CNVD-2025-28721 BDU:2025-13291 RHSA-2025:16109 BDU:2025-11333 VVD-ANCHORE-2025-10290 BDU:2025-14085 VVD-ANCHORE-2025-13022 BDU:2025-14086 OPENSUSE-SU-2025:15645-1 ALSA-2025:18154 ALSA-2025:16157 BDU:2025-14546

References

advisory

advisory

advisory

advisory

advisory

advisory

advisory

advisory

advisory

advisory

advisory

advisory

advisory

advisory

advisory

advisory

advisory

advisory

advisory

advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON

$ Console Community · 100/wk Open console ›