Refine your search
810 vulnerabilities found for Firefox ESR by Mozilla
CERTFR-2026-AVI-0615
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 151 | ||
| Mozilla | Firefox | Firefox versions antérieures à 151 | ||
| Mozilla | Firefox | Firefox pour iOS versions antérieures à 151.0 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.11 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.36 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.11 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 151",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 151",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox pour iOS versions ant\u00e9rieures \u00e0 151.0",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.11",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.36",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.11",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-8975",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8975"
},
{
"name": "CVE-2026-8961",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8961"
},
{
"name": "CVE-2026-8946",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8946"
},
{
"name": "CVE-2026-8948",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8948"
},
{
"name": "CVE-2026-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8945"
},
{
"name": "CVE-2026-8958",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8958"
},
{
"name": "CVE-2026-8974",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8974"
},
{
"name": "CVE-2026-8964",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8964"
},
{
"name": "CVE-2026-8973",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8973"
},
{
"name": "CVE-2026-8954",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8954"
},
{
"name": "CVE-2026-8957",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8957"
},
{
"name": "CVE-2026-8951",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8951"
},
{
"name": "CVE-2026-8952",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8952"
},
{
"name": "CVE-2026-8706",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8706"
},
{
"name": "CVE-2026-8956",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8956"
},
{
"name": "CVE-2026-8967",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8967"
},
{
"name": "CVE-2026-8971",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8971"
},
{
"name": "CVE-2026-8953",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8953"
},
{
"name": "CVE-2026-8970",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8970"
},
{
"name": "CVE-2026-8965",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8965"
},
{
"name": "CVE-2026-8949",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8949"
},
{
"name": "CVE-2026-8972",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8972"
},
{
"name": "CVE-2026-8969",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8969"
},
{
"name": "CVE-2026-8401",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8401"
},
{
"name": "CVE-2026-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8391"
},
{
"name": "CVE-2026-8962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8962"
},
{
"name": "CVE-2026-8963",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8963"
},
{
"name": "CVE-2026-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8388"
},
{
"name": "CVE-2026-8968",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8968"
},
{
"name": "CVE-2026-8966",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8966"
},
{
"name": "CVE-2026-8960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8960"
},
{
"name": "CVE-2026-8950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8950"
},
{
"name": "CVE-2026-8959",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8959"
},
{
"name": "CVE-2026-8947",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8947"
},
{
"name": "CVE-2026-8955",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8955"
}
],
"initial_release_date": "2026-05-20T00:00:00",
"last_revision_date": "2026-05-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0615",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-47",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-47/"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-46",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-50",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-50/"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-48",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-48/"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-49",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-49/"
},
{
"published_at": "2026-05-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-51",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-51/"
}
]
}
CERTFR-2026-AVI-0555
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 150.0.2 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.10.2 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.35.2 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.10.2 | ||
| Mozilla | Firefox | Firefox versions antérieures à 150.0.2 | ||
| Mozilla | Thunderbird ESR | Thunderbird ESR versions antérieures à 140.10.2 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 150.0.2",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.10.2",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.35.2",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.10.2",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 150.0.2",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird ESR versions ant\u00e9rieures \u00e0 140.10.2",
"product": {
"name": "Thunderbird ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-8092",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8092"
},
{
"name": "CVE-2026-8094",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8094"
},
{
"name": "CVE-2026-8091",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8091"
},
{
"name": "CVE-2026-8090",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8090"
},
{
"name": "CVE-2026-8093",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8093"
}
],
"initial_release_date": "2026-05-11T00:00:00",
"last_revision_date": "2026-05-11T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0555",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-05-08",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-43",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-43/"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-42",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-42/"
},
{
"published_at": "2026-05-08",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-44",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-44/"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-40",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-40/"
},
{
"published_at": "2026-05-07",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-41",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-41/"
}
]
}
CERTFR-2026-AVI-0507
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.35.1 | ||
| Mozilla | Firefox | Firefox versions antérieures à 150.0.1 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.10.1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.35.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 150.0.1",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.10.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-7324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7324"
},
{
"name": "CVE-2026-7323",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7323"
},
{
"name": "CVE-2026-7322",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7322"
},
{
"name": "CVE-2026-7320",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7320"
},
{
"name": "CVE-2026-7321",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7321"
}
],
"initial_release_date": "2026-04-29T00:00:00",
"last_revision_date": "2026-04-29T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0507",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-04-28",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-37",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-37/"
},
{
"published_at": "2026-04-28",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-35",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-35/"
},
{
"published_at": "2026-04-28",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-36",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-36/"
}
]
}
CERTFR-2026-AVI-0480
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.10 | ||
| Mozilla | Firefox | Firefox versions antérieures à 150 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.35 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 150 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.10 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.10",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 150",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.35",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 150",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.10",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-6772",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6772"
},
{
"name": "CVE-2026-6747",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6747"
},
{
"name": "CVE-2026-6782",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6782"
},
{
"name": "CVE-2026-6786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6786"
},
{
"name": "CVE-2026-6750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6750"
},
{
"name": "CVE-2026-6757",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6757"
},
{
"name": "CVE-2026-6768",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6768"
},
{
"name": "CVE-2026-6746",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6746"
},
{
"name": "CVE-2026-6761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6761"
},
{
"name": "CVE-2026-6762",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6762"
},
{
"name": "CVE-2026-6769",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6769"
},
{
"name": "CVE-2026-6751",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6751"
},
{
"name": "CVE-2026-6780",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6780"
},
{
"name": "CVE-2026-6765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6765"
},
{
"name": "CVE-2026-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2781"
},
{
"name": "CVE-2026-6773",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6773"
},
{
"name": "CVE-2026-6754",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6754"
},
{
"name": "CVE-2026-6781",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6781"
},
{
"name": "CVE-2026-6756",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6756"
},
{
"name": "CVE-2026-6758",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6758"
},
{
"name": "CVE-2026-6785",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6785"
},
{
"name": "CVE-2026-6783",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6783"
},
{
"name": "CVE-2026-6760",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6760"
},
{
"name": "CVE-2026-6759",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6759"
},
{
"name": "CVE-2026-6774",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6774"
},
{
"name": "CVE-2026-6779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6779"
},
{
"name": "CVE-2026-6777",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6777"
},
{
"name": "CVE-2026-6748",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6748"
},
{
"name": "CVE-2026-6778",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6778"
},
{
"name": "CVE-2026-6752",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6752"
},
{
"name": "CVE-2026-6767",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6767"
},
{
"name": "CVE-2026-6775",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6775"
},
{
"name": "CVE-2026-6749",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6749"
},
{
"name": "CVE-2026-6771",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6771"
},
{
"name": "CVE-2026-6753",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6753"
},
{
"name": "CVE-2026-6764",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6764"
},
{
"name": "CVE-2026-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6763"
},
{
"name": "CVE-2026-6776",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6776"
},
{
"name": "CVE-2026-6766",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6766"
},
{
"name": "CVE-2026-6770",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6770"
},
{
"name": "CVE-2026-6784",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6784"
},
{
"name": "CVE-2026-6755",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6755"
}
],
"initial_release_date": "2026-04-22T00:00:00",
"last_revision_date": "2026-04-22T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0480",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-32",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-34",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-33",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-33/"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-31",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-31/"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-30",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/"
}
]
}
CERTFR-2026-AVI-0404
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.9.1 | ||
| Mozilla | Thunderbird ESR | Thunderbird ESR versions antérieures à 140.9.1 | ||
| Mozilla | Firefox | Firefox versions antérieures à 149.0.2 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 149.0.2 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.34.1 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.9.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird ESR versions ant\u00e9rieures \u00e0 140.9.1",
"product": {
"name": "Thunderbird ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 149.0.2",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 149.0.2",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.34.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-5731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5731"
},
{
"name": "CVE-2026-5733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5733"
},
{
"name": "CVE-2026-5732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5732"
},
{
"name": "CVE-2026-5734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5734"
},
{
"name": "CVE-2026-5735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5735"
}
],
"initial_release_date": "2026-04-08T00:00:00",
"last_revision_date": "2026-04-08T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0404",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-26",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-26/"
},
{
"published_at": "2026-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-28",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-28/"
},
{
"published_at": "2026-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-25",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-25/"
},
{
"published_at": "2026-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-29",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-29/"
},
{
"published_at": "2026-04-07",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-27",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-27/"
}
]
}
CERTFR-2026-AVI-0354
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox versions antérieures à 149 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.9 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 149 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.9 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.34 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 149",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.9",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 149",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.9",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.34",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-4684",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4684"
},
{
"name": "CVE-2026-4721",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4721"
},
{
"name": "CVE-2026-4725",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4725"
},
{
"name": "CVE-2026-4728",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4728"
},
{
"name": "CVE-2026-4720",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4720"
},
{
"name": "CVE-2026-4710",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4710"
},
{
"name": "CVE-2026-4694",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4694"
},
{
"name": "CVE-2026-4698",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4698"
},
{
"name": "CVE-2026-4690",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4690"
},
{
"name": "CVE-2026-4697",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4697"
},
{
"name": "CVE-2026-4689",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4689"
},
{
"name": "CVE-2026-4711",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4711"
},
{
"name": "CVE-2026-4706",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4706"
},
{
"name": "CVE-2026-4715",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4715"
},
{
"name": "CVE-2026-4729",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4729"
},
{
"name": "CVE-2026-4696",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4696"
},
{
"name": "CVE-2026-4726",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4726"
},
{
"name": "CVE-2026-4687",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4687"
},
{
"name": "CVE-2026-4709",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4709"
},
{
"name": "CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"name": "CVE-2026-4714",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4714"
},
{
"name": "CVE-2026-4699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4699"
},
{
"name": "CVE-2026-4695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4695"
},
{
"name": "CVE-2026-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4693"
},
{
"name": "CVE-2026-3889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3889"
},
{
"name": "CVE-2026-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4692"
},
{
"name": "CVE-2026-4701",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4701"
},
{
"name": "CVE-2026-4724",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4724"
},
{
"name": "CVE-2026-4705",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4705"
},
{
"name": "CVE-2026-4717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4717"
},
{
"name": "CVE-2026-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4700"
},
{
"name": "CVE-2026-4723",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4723"
},
{
"name": "CVE-2026-4688",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4688"
},
{
"name": "CVE-2026-4712",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4712"
},
{
"name": "CVE-2026-4707",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4707"
},
{
"name": "CVE-2026-4716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4716"
},
{
"name": "CVE-2026-4704",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4704"
},
{
"name": "CVE-2026-4727",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4727"
},
{
"name": "CVE-2026-4722",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4722"
},
{
"name": "CVE-2026-4713",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4713"
},
{
"name": "CVE-2026-4718",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4718"
},
{
"name": "CVE-2026-4685",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4685"
},
{
"name": "CVE-2026-4702",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4702"
},
{
"name": "CVE-2026-4719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4719"
},
{
"name": "CVE-2026-4708",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4708"
},
{
"name": "CVE-2026-4371",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4371"
},
{
"name": "CVE-2026-4691",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4691"
},
{
"name": "CVE-2026-4686",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4686"
}
],
"initial_release_date": "2026-03-25T00:00:00",
"last_revision_date": "2026-03-25T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0354",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-20",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-20/"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-24",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-24/"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-23",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-23/"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-22",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-22/"
},
{
"published_at": "2026-03-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-21/"
}
]
}
CERTFR-2026-AVI-0204
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox pour iOS versions antérieures à 147.4 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.8 | ||
| Mozilla | Firefox | Firefox versions antérieures à 148 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.33 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 148 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox pour iOS versions ant\u00e9rieures \u00e0 147.4",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.8",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 148",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.33",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 148",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.8",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-2777",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2777"
},
{
"name": "CVE-2026-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2773"
},
{
"name": "CVE-2026-2763",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2763"
},
{
"name": "CVE-2026-2783",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2783"
},
{
"name": "CVE-2026-2786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2786"
},
{
"name": "CVE-2026-2778",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2778"
},
{
"name": "CVE-2026-2788",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2788"
},
{
"name": "CVE-2026-2758",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2758"
},
{
"name": "CVE-2026-2779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2779"
},
{
"name": "CVE-2026-2771",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2771"
},
{
"name": "CVE-2026-2769",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2769"
},
{
"name": "CVE-2026-2799",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2799"
},
{
"name": "CVE-2026-2775",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2775"
},
{
"name": "CVE-2026-2790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2790"
},
{
"name": "CVE-2026-2784",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2784"
},
{
"name": "CVE-2026-2806",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2806"
},
{
"name": "CVE-2026-2760",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2760"
},
{
"name": "CVE-2026-2792",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2792"
},
{
"name": "CVE-2026-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2807"
},
{
"name": "CVE-2026-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2781"
},
{
"name": "CVE-2026-2759",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2759"
},
{
"name": "CVE-2026-2776",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2776"
},
{
"name": "CVE-2026-2764",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2764"
},
{
"name": "CVE-2026-2762",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2762"
},
{
"name": "CVE-2026-2791",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2791"
},
{
"name": "CVE-2026-2797",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2797"
},
{
"name": "CVE-2026-2794",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2794"
},
{
"name": "CVE-2026-2765",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2765"
},
{
"name": "CVE-2026-2770",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2770"
},
{
"name": "CVE-2026-2768",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2768"
},
{
"name": "CVE-2026-2802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2802"
},
{
"name": "CVE-2026-2789",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2789"
},
{
"name": "CVE-2026-2787",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2787"
},
{
"name": "CVE-2026-2772",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2772"
},
{
"name": "CVE-2026-2798",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2798"
},
{
"name": "CVE-2026-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2803"
},
{
"name": "CVE-2026-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2805"
},
{
"name": "CVE-2026-2780",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2780"
},
{
"name": "CVE-2026-2782",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2782"
},
{
"name": "CVE-2026-2766",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2766"
},
{
"name": "CVE-2026-2796",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2796"
},
{
"name": "CVE-2026-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2800"
},
{
"name": "CVE-2026-2774",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2774"
},
{
"name": "CVE-2026-2801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2801"
},
{
"name": "CVE-2026-2785",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2785"
},
{
"name": "CVE-2026-2634",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2634"
},
{
"name": "CVE-2026-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2757"
},
{
"name": "CVE-2026-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2761"
},
{
"name": "CVE-2026-2793",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2793"
},
{
"name": "CVE-2026-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2804"
},
{
"name": "CVE-2026-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2795"
},
{
"name": "CVE-2026-2767",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2767"
}
],
"initial_release_date": "2026-02-25T00:00:00",
"last_revision_date": "2026-02-25T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0204",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-14",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-14/"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-15",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15/"
},
{
"published_at": "2026-02-20",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-12",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-12/"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-13",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13/"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-17",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17/"
},
{
"published_at": "2026-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-16",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16/"
}
]
}
CERTFR-2026-AVI-0175
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox pour iOS versions antérieures à 147.2.1 | ||
| Mozilla | Thunderbird | Thunderbird versions 147.x antérieures à 147.0.2 | ||
| Mozilla | Firefox ESR | Firefox ESR versions 115.x antérieures à 115.32.1 | ||
| Mozilla | Firefox | Firefox versions antérieures à 147.0.4 | ||
| Mozilla | Thunderbird | Thunderbird versions 140.x antérieures à 140.7.2 | ||
| Mozilla | Firefox ESR | Firefox ESR versions 140.x antérieures à 140.7.1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox pour iOS versions ant\u00e9rieures \u00e0 147.2.1",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions 147.x ant\u00e9rieures \u00e0 147.0.2",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions 115.x ant\u00e9rieures \u00e0 115.32.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": " Firefox versions ant\u00e9rieures \u00e0 147.0.4",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions 140.x ant\u00e9rieures \u00e0 140.7.2",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions 140.x ant\u00e9rieures \u00e0 140.7.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-2032",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2032"
},
{
"name": "CVE-2026-2447",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2447"
}
],
"initial_release_date": "2026-02-17T00:00:00",
"last_revision_date": "2026-02-17T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0175",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Elles permettent \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-02-09",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-09",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-09/"
},
{
"published_at": "2026-02-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-11",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-11/"
},
{
"published_at": "2026-02-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-10",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-10/"
}
]
}
CERTFR-2026-AVI-0051
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.7 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.7 | ||
| Mozilla | Firefox | Firefox versions antérieures à 147 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 147 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.7",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.7",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 147",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 147",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-0885",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0885"
},
{
"name": "CVE-2026-0887",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0887"
},
{
"name": "CVE-2025-14327",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14327"
},
{
"name": "CVE-2026-0879",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0879"
},
{
"name": "CVE-2026-0892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0892"
},
{
"name": "CVE-2026-0877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0877"
},
{
"name": "CVE-2026-0878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0878"
},
{
"name": "CVE-2026-0883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0883"
},
{
"name": "CVE-2026-0880",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0880"
},
{
"name": "CVE-2026-0881",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0881"
},
{
"name": "CVE-2026-0882",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0882"
},
{
"name": "CVE-2026-0884",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0884"
},
{
"name": "CVE-2026-0889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0889"
},
{
"name": "CVE-2026-0888",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0888"
},
{
"name": "CVE-2026-0886",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0886"
},
{
"name": "CVE-2026-0890",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0890"
},
{
"name": "CVE-2026-0891",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0891"
}
],
"initial_release_date": "2026-01-15T00:00:00",
"last_revision_date": "2026-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-05",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-04",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-04/"
}
]
}
CERTFR-2026-AVI-0038
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.32 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.7 | ||
| Mozilla | Firefox | Firefox versions antérieures à 147 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 147 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.32",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.7",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 147",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 147",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-0885",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0885"
},
{
"name": "CVE-2026-0887",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0887"
},
{
"name": "CVE-2025-14327",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14327"
},
{
"name": "CVE-2026-0879",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0879"
},
{
"name": "CVE-2026-0892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0892"
},
{
"name": "CVE-2026-0877",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0877"
},
{
"name": "CVE-2026-0878",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0878"
},
{
"name": "CVE-2026-0883",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0883"
},
{
"name": "CVE-2026-0880",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0880"
},
{
"name": "CVE-2026-0881",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0881"
},
{
"name": "CVE-2026-0882",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0882"
},
{
"name": "CVE-2026-0884",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0884"
},
{
"name": "CVE-2026-0889",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0889"
},
{
"name": "CVE-2026-0888",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0888"
},
{
"name": "CVE-2026-0886",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0886"
},
{
"name": "CVE-2026-0890",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0890"
},
{
"name": "CVE-2026-0891",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0891"
}
],
"initial_release_date": "2026-01-14T00:00:00",
"last_revision_date": "2026-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0038",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-14T00:00:00.000000"
},
{
"description": "Modification d\u0027un syst\u00e8me afffect\u00e9",
"revision_date": "2026-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-03",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-03/"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-02",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-02/"
},
{
"published_at": "2026-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2026-01",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-01/"
}
]
}
CERTFR-2025-AVI-1099
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.6 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 146 | ||
| Mozilla | Thunderbird ESR | Thunderbird ESR versions antérieures à 140.6 | ||
| Mozilla | Firefox | Firefox ESR versions antérieures à 146 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.6",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 146",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird ESR versions ant\u00e9rieures \u00e0 140.6",
"product": {
"name": "Thunderbird ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 146",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-14321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14321"
},
{
"name": "CVE-2025-14330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14330"
},
{
"name": "CVE-2025-14333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14333"
},
{
"name": "CVE-2025-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14331"
},
{
"name": "CVE-2025-14323",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14323"
},
{
"name": "CVE-2025-14329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14329"
},
{
"name": "CVE-2025-14327",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14327"
},
{
"name": "CVE-2025-14328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14328"
},
{
"name": "CVE-2025-14325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14325"
},
{
"name": "CVE-2025-14326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14326"
},
{
"name": "CVE-2025-14322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14322"
},
{
"name": "CVE-2025-14332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14332"
},
{
"name": "CVE-2025-14324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14324"
}
],
"initial_release_date": "2025-12-11T00:00:00",
"last_revision_date": "2025-12-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1099",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-95",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-95/"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-96",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-96/"
}
]
}
CERTFR-2025-AVI-1087
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.31 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.6 | ||
| Mozilla | Firefox | Firefox versions antérieures à 146 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 146 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.31",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.6",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 146",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 146",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-14321",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14321"
},
{
"name": "CVE-2025-14330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14330"
},
{
"name": "CVE-2025-14333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14333"
},
{
"name": "CVE-2025-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14331"
},
{
"name": "CVE-2025-14323",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14323"
},
{
"name": "CVE-2025-14329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14329"
},
{
"name": "CVE-2025-14327",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14327"
},
{
"name": "CVE-2025-14328",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14328"
},
{
"name": "CVE-2025-14325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14325"
},
{
"name": "CVE-2025-14326",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14326"
},
{
"name": "CVE-2025-14322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14322"
},
{
"name": "CVE-2025-14332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14332"
},
{
"name": "CVE-2025-14324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14324"
}
],
"initial_release_date": "2025-12-10T00:00:00",
"last_revision_date": "2025-12-10T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1087",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-92",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-92/"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-93",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-93/"
},
{
"published_at": "2025-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-94",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-94/"
}
]
}
CERTFR-2025-AVI-0991
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox versions antérieures à 145 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.30 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.5 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 145 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 145",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.30",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.5",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 145",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-13024",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13024"
},
{
"name": "CVE-2025-13022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13022"
},
{
"name": "CVE-2025-13019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13019"
},
{
"name": "CVE-2025-13016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13016"
},
{
"name": "CVE-2025-13023",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13023"
},
{
"name": "CVE-2025-13018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13018"
},
{
"name": "CVE-2025-13012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13012"
},
{
"name": "CVE-2025-13020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13020"
},
{
"name": "CVE-2025-13021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13021"
},
{
"name": "CVE-2025-13017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13017"
},
{
"name": "CVE-2025-13025",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13025"
},
{
"name": "CVE-2025-13015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13015"
},
{
"name": "CVE-2025-13014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13014"
},
{
"name": "CVE-2025-13027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13027"
},
{
"name": "CVE-2025-13026",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13026"
},
{
"name": "CVE-2025-13013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13013"
}
],
"initial_release_date": "2025-11-12T00:00:00",
"last_revision_date": "2025-11-12T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0991",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-88",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-88/"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-87",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-87/"
},
{
"published_at": "2025-11-11",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-89",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-89/"
}
]
}
CERTFR-2025-AVI-0873
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox versions antérieures à 144 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 144 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.29 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.4 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.4 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 144",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 144",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.29",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.4",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.4",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-11712",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11712"
},
{
"name": "CVE-2025-11710",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11710"
},
{
"name": "CVE-2025-11717",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11717"
},
{
"name": "CVE-2025-11714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11714"
},
{
"name": "CVE-2025-11709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11709"
},
{
"name": "CVE-2025-11708",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11708"
},
{
"name": "CVE-2025-11720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11720"
},
{
"name": "CVE-2025-11721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11721"
},
{
"name": "CVE-2025-11716",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11716"
},
{
"name": "CVE-2025-11711",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11711"
},
{
"name": "CVE-2025-11718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11718"
},
{
"name": "CVE-2025-11715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11715"
},
{
"name": "CVE-2025-11713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11713"
},
{
"name": "CVE-2025-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11719"
}
],
"initial_release_date": "2025-10-15T00:00:00",
"last_revision_date": "2025-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0873",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-81",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-85",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-82",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-82/"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-83",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-84",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-84/"
}
]
}
CERTFR-2025-AVI-0797
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.3 | ||
| Mozilla | Firefox Focus | Focus pour iOS versions antérieures à 143.0 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.3 | ||
| Mozilla | Firefox | Firefox versions antérieures à 143 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.28 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 143 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.3",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Focus pour iOS versions ant\u00e9rieures \u00e0 143.0",
"product": {
"name": "Firefox Focus",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.3",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 143",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.28",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 143",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-10535",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10535"
},
{
"name": "CVE-2025-10533",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10533"
},
{
"name": "CVE-2025-10530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10530"
},
{
"name": "CVE-2025-10527",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10527"
},
{
"name": "CVE-2025-10537",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10537"
},
{
"name": "CVE-2025-10532",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10532"
},
{
"name": "CVE-2025-10290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10290"
},
{
"name": "CVE-2025-10529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10529"
},
{
"name": "CVE-2025-10528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10528"
},
{
"name": "CVE-2025-10534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10534"
},
{
"name": "CVE-2025-10536",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10536"
},
{
"name": "CVE-2025-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10531"
}
],
"initial_release_date": "2025-09-17T00:00:00",
"last_revision_date": "2025-09-17T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0797",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-73",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-73/"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-74",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-74/"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-78",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-78/"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-77",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-77/"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-75",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-75/"
},
{
"published_at": "2025-09-16",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-76",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-76/"
}
]
}
CERTFR-2025-AVI-0714
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.27 | ||
| Mozilla | Firefox | Firefox versions antérieures à 142 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 142 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 128.14 | ||
| Mozilla | Firefox | Firefox pour iOS versions antérieures à 142 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 128.14 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.2 | ||
| Mozilla | Firefox Focus | Firefox Focus pour iOS versions antérieures à 142 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.27",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 142",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 142",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.14",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox pour iOS versions ant\u00e9rieures \u00e0 142",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 128.14",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.2",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox Focus pour iOS versions ant\u00e9rieures \u00e0 142",
"product": {
"name": "Firefox Focus",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.2",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-55031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55031"
},
{
"name": "CVE-2025-55030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55030"
},
{
"name": "CVE-2025-55028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55028"
},
{
"name": "CVE-2025-55032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55032"
},
{
"name": "CVE-2025-55033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55033"
},
{
"name": "CVE-2025-55029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55029"
}
],
"initial_release_date": "2025-08-20T00:00:00",
"last_revision_date": "2025-08-20T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0714",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-08-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-69",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-69/"
},
{
"published_at": "2025-08-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-65",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-65/"
},
{
"published_at": "2025-08-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-67",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-67/"
},
{
"published_at": "2025-08-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-72",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-72/"
},
{
"published_at": "2025-08-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-71",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/"
},
{
"published_at": "2025-08-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-64",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/"
},
{
"published_at": "2025-08-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-68",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-68/"
},
{
"published_at": "2025-08-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-66",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/"
},
{
"published_at": "2025-08-19",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-70",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-70/"
}
]
}
CERTFR-2025-AVI-0615
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox versions antérieures à 141 pour iOS | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 128.13 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140.1 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 140.1 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 128.13 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.26 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 141 | ||
| Mozilla | Firefox | Firefox versions antérieures à 141 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 141 pour iOS",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 128.13",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140.1",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 140.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.13",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.26",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 141",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 141",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-8027",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8027"
},
{
"name": "CVE-2025-8037",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8037"
},
{
"name": "CVE-2025-54144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54144"
},
{
"name": "CVE-2025-8034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8034"
},
{
"name": "CVE-2025-54145",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54145"
},
{
"name": "CVE-2025-8044",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8044"
},
{
"name": "CVE-2025-8041",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8041"
},
{
"name": "CVE-2025-8039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8039"
},
{
"name": "CVE-2025-54143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54143"
},
{
"name": "CVE-2025-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8035"
},
{
"name": "CVE-2025-8043",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8043"
},
{
"name": "CVE-2025-8036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8036"
},
{
"name": "CVE-2025-8032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8032"
},
{
"name": "CVE-2025-8040",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8040"
},
{
"name": "CVE-2025-8029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8029"
},
{
"name": "CVE-2025-8038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8038"
},
{
"name": "CVE-2025-8028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8028"
},
{
"name": "CVE-2025-8033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8033"
},
{
"name": "CVE-2025-8030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8030"
},
{
"name": "CVE-2025-8031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8031"
},
{
"name": "CVE-2025-8042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8042"
}
],
"initial_release_date": "2025-07-23T00:00:00",
"last_revision_date": "2025-07-23T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0615",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-56",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-57",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-57/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-63",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-63/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-61",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-61/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-59",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-59/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-60",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-60/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-62",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/"
},
{
"published_at": "2025-07-22",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-58",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/"
}
]
}
CERTFR-2025-AVI-0536
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 128.12 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.25 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 140 | ||
| Mozilla | Firefox | Firefox versions antérieures à 140 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.12",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.25",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 140",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 140",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6434"
},
{
"name": "CVE-2025-6428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6428"
},
{
"name": "CVE-2025-6435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6435"
},
{
"name": "CVE-2025-6433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6433"
},
{
"name": "CVE-2025-6427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6427"
},
{
"name": "CVE-2025-6430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6430"
},
{
"name": "CVE-2025-6429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6429"
},
{
"name": "CVE-2025-6426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6426"
},
{
"name": "CVE-2025-6436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6436"
},
{
"name": "CVE-2025-6425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6425"
},
{
"name": "CVE-2025-6431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6431"
},
{
"name": "CVE-2025-6432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6432"
},
{
"name": "CVE-2025-6424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6424"
}
],
"initial_release_date": "2025-06-25T00:00:00",
"last_revision_date": "2025-06-25T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0536",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-06-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-51",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/"
},
{
"published_at": "2025-06-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-53",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/"
},
{
"published_at": "2025-06-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-52",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-52/"
}
]
}
CERTFR-2025-AVI-0454
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox versions antérieures à 139 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 128.11 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 128.11 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.24 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 139 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 139",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.11",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 128.11",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.24",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 139",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-5264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5264"
},
{
"name": "CVE-2025-5268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5268"
},
{
"name": "CVE-2025-5263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5263"
},
{
"name": "CVE-2025-5265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5265"
},
{
"name": "CVE-2025-5272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5272"
},
{
"name": "CVE-2025-5270",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5270"
},
{
"name": "CVE-2025-5269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5269"
},
{
"name": "CVE-2025-5271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5271"
},
{
"name": "CVE-2025-5266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5266"
},
{
"name": "CVE-2025-5267",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5267"
},
{
"name": "CVE-2025-5262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5262"
}
],
"initial_release_date": "2025-05-28T00:00:00",
"last_revision_date": "2025-05-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0454",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-42",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/"
},
{
"published_at": "2025-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-43",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-43/"
},
{
"published_at": "2025-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-46",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/"
},
{
"published_at": "2025-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-45",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-45/"
},
{
"published_at": "2025-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-44",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/"
}
]
}
CERTFR-2025-AVI-0424
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 128.10.1 | ||
| Mozilla | Firefox | Firefox versions antérieures à 138.0.4 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.23.1 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.10.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 138.0.4",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.23.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4918",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4918"
},
{
"name": "CVE-2025-4919",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4919"
}
],
"initial_release_date": "2025-05-19T00:00:00",
"last_revision_date": "2025-05-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0424",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-05-17",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-38",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-38/"
},
{
"published_at": "2025-05-17",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-37",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-37/"
},
{
"published_at": "2025-05-17",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-36",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-36/"
}
]
}
CERTFR-2025-AVI-0358
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird | Thunderbird versions antérieures à 138 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 128.10 | ||
| Mozilla | Firefox | Firefox versions antérieures à 138 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.23 | ||
| Mozilla | Thunderbird ESR | Thunderbird ESR versions antérieures à 128.10 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 138",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.10",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 138",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.23",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird ESR versions ant\u00e9rieures \u00e0 128.10",
"product": {
"name": "Thunderbird ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4088"
},
{
"name": "CVE-2025-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4091"
},
{
"name": "CVE-2025-4093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4093"
},
{
"name": "CVE-2025-4090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4090"
},
{
"name": "CVE-2025-4085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4085"
},
{
"name": "CVE-2025-2817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2817"
},
{
"name": "CVE-2025-4089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4089"
},
{
"name": "CVE-2025-4087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4087"
},
{
"name": "CVE-2025-4092",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4092"
},
{
"name": "CVE-2025-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4083"
},
{
"name": "CVE-2025-4082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4082"
},
{
"name": "CVE-2025-4086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4086"
},
{
"name": "CVE-2025-4084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4084"
}
],
"initial_release_date": "2025-04-30T00:00:00",
"last_revision_date": "2025-04-30T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0358",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-31",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-31/"
},
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-28",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/"
},
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-32",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/"
},
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-30",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-30/"
},
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-29",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/"
}
]
}
CERTFR-2025-AVI-0266
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird ESR | Thunderbird ESR versions antérieures à 128.9 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 128.9 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 137 | ||
| Mozilla | Firefox | Firefox versions antérieures à 137 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.22 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird ESR versions ant\u00e9rieures \u00e0 128.9",
"product": {
"name": "Thunderbird ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.9",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 137",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 137",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.22",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-3032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3032"
},
{
"name": "CVE-2025-3030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3030"
},
{
"name": "CVE-2025-3028",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3028"
},
{
"name": "CVE-2025-3031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3031"
},
{
"name": "CVE-2025-3033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3033"
},
{
"name": "CVE-2025-3029",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3029"
},
{
"name": "CVE-2025-3034",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3034"
},
{
"name": "CVE-2025-3035",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3035"
}
],
"initial_release_date": "2025-04-02T00:00:00",
"last_revision_date": "2025-04-02T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0266",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-21",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-21/"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-23",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-23/"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-20",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-24",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-24/"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-22",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-22/"
}
]
}
CERTFR-2025-AVI-0251
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Mozilla Firefox. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 128.8.1 | ||
| Mozilla | Firefox | Firefox versions antérieures à 136.0.4 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.21.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.8.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 136.0.4",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.21.1",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-2857",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2857"
}
],
"initial_release_date": "2025-03-28T00:00:00",
"last_revision_date": "2025-03-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0251",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Mozilla Firefox. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": "2025-03-27",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-19",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/"
}
]
}
CERTFR-2025-AVI-0176
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox iOS versions antérieures à 136 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.21 | ||
| Mozilla | Firefox | Firefox versions antérieures à 136 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 128.8 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 136 | ||
| Mozilla | Thunderbird ESR | Thunderbird ESR versions antérieures à 128.8 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox iOS versions ant\u00e9rieures \u00e0 136",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.21",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 136",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.8",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 136",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird ESR versions ant\u00e9rieures \u00e0 128.8",
"product": {
"name": "Thunderbird ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-1939",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1939"
},
{
"name": "CVE-2025-27425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27425"
},
{
"name": "CVE-2025-1931",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1931"
},
{
"name": "CVE-2025-1932",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1932"
},
{
"name": "CVE-2025-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1941"
},
{
"name": "CVE-2024-9956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9956"
},
{
"name": "CVE-2025-1933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1933"
},
{
"name": "CVE-2025-1942",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1942"
},
{
"name": "CVE-2025-1930",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1930"
},
{
"name": "CVE-2024-43097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43097"
},
{
"name": "CVE-2025-1943",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1943"
},
{
"name": "CVE-2025-27426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27426"
},
{
"name": "CVE-2025-1935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1935"
},
{
"name": "CVE-2025-1940",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1940"
},
{
"name": "CVE-2025-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1934"
},
{
"name": "CVE-2025-1937",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1937"
},
{
"name": "CVE-2025-27424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27424"
},
{
"name": "CVE-2025-1936",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1936"
},
{
"name": "CVE-2025-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1938"
},
{
"name": "CVE-2025-0245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0245"
}
],
"initial_release_date": "2025-03-05T00:00:00",
"last_revision_date": "2025-03-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0176",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-15",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-15/"
},
{
"published_at": "2025-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-14",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/"
},
{
"published_at": "2025-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-18",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/"
},
{
"published_at": "2025-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-17",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-17/"
},
{
"published_at": "2025-02-24",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-13",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-13/"
},
{
"published_at": "2025-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-16",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/"
}
]
}
CERTFR-2025-AVI-0097
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Thunderbird ESR | Thunderbird ESR versions antérieures à 128.7 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 128.7 | ||
| Mozilla | Thunderbird ESR | Thunderbird versions antérieures à 115.20 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 135 | ||
| Mozilla | Firefox | Firefox versions antérieures à 135 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.20 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Thunderbird ESR versions ant\u00e9rieures \u00e0 128.7",
"product": {
"name": "Thunderbird ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.7",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 115.20",
"product": {
"name": "Thunderbird ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 135",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 135",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.20",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-49040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49040"
},
{
"name": "CVE-2025-1010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1010"
},
{
"name": "CVE-2025-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1016"
},
{
"name": "CVE-2025-1019",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1019"
},
{
"name": "CVE-2025-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1020"
},
{
"name": "CVE-2025-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1011"
},
{
"name": "CVE-2025-1009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1009"
},
{
"name": "CVE-2024-11704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11704"
},
{
"name": "CVE-2025-1014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1014"
},
{
"name": "CVE-2025-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1013"
},
{
"name": "CVE-2025-1018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1018"
},
{
"name": "CVE-2025-1017",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1017"
},
{
"name": "CVE-2025-0510",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0510"
},
{
"name": "CVE-2025-1015",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1015"
},
{
"name": "CVE-2025-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1012"
}
],
"initial_release_date": "2025-02-05T00:00:00",
"last_revision_date": "2025-02-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0097",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2025-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-08",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-08/"
},
{
"published_at": "2025-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-11",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-11/"
},
{
"published_at": "2025-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-07",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/"
},
{
"published_at": "2025-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-09",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/"
},
{
"published_at": "2025-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2025-10",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/"
}
]
}
CERTFR-2024-AVI-1025
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.18 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 133 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 128.5 | ||
| Mozilla | Firefox | Firefox versions antérieures à 133 | ||
| Mozilla | Firefox | Firefox pour iOS versions antérieures à 133 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 128.5 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.18",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 133",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 128.5",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox versions ant\u00e9rieures \u00e0 133",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox pour iOS versions ant\u00e9rieures \u00e0 133",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 128.5",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-53976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53976"
},
{
"name": "CVE-2024-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11698"
},
{
"name": "CVE-2024-11703",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11703"
},
{
"name": "CVE-2024-11700",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11700"
},
{
"name": "CVE-2024-11708",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11708"
},
{
"name": "CVE-2024-11701",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11701"
},
{
"name": "CVE-2024-11692",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11692"
},
{
"name": "CVE-2024-11699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11699"
},
{
"name": "CVE-2024-11697",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11697"
},
{
"name": "CVE-2024-53975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53975"
},
{
"name": "CVE-2024-11695",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11695"
},
{
"name": "CVE-2024-11704",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11704"
},
{
"name": "CVE-2024-11691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11691"
},
{
"name": "CVE-2024-11705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11705"
},
{
"name": "CVE-2024-11702",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11702"
},
{
"name": "CVE-2024-11693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11693"
},
{
"name": "CVE-2024-11694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11694"
},
{
"name": "CVE-2024-11706",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11706"
},
{
"name": "CVE-2024-11696",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11696"
}
],
"initial_release_date": "2024-11-27T00:00:00",
"last_revision_date": "2024-11-27T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1025",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Mozilla. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": "2024-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-66",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-66/"
},
{
"published_at": "2024-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-64",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-64/"
},
{
"published_at": "2024-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-68",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-68/"
},
{
"published_at": "2024-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-65",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-65/"
},
{
"published_at": "2024-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-63",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/"
},
{
"published_at": "2024-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2024-67",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-67/"
}
]
}
CVE-2024-11699 (GCVE-0-2024-11699)
Vulnerability from cvelistv5
Published
2024-11-26 13:34
Modified
2025-11-03 21:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5
Summary
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Version: unspecified < 133 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firefox",
"vendor": "mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firefox_esr",
"vendor": "mozilla",
"versions": [
{
"lessThan": "128.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thunderbird",
"vendor": "mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "128.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-11699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-30T04:55:57.665Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:03.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00029.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andrew McCreight, Akmat Suleimanov"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Thunderbird \u003c 133, and Thunderbird \u003c 128.5."
}
],
"value": "Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Thunderbird \u003c 133, and Thunderbird \u003c 128.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T13:34:02.646Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1880582%2C1929911"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-64/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-68/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-11699",
"datePublished": "2024-11-26T13:34:02.646Z",
"dateReserved": "2024-11-25T16:29:39.506Z",
"dateUpdated": "2025-11-03T21:52:03.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-11698 (GCVE-0-2024-11698)
Vulnerability from cvelistv5
Published
2024-11-26 13:34
Modified
2024-11-27 15:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
Summary
A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted.
*This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Version: unspecified < 133 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firefox",
"vendor": "mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mozilla:firefox_esr:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firefox_esr",
"vendor": "mozilla",
"versions": [
{
"lessThan": "128.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thunderbird",
"vendor": "mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "128.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-11698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:16:08.272929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T15:20:24.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kang Ali of Punggawa Cybersecurity"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing \"Esc\" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. \u003cbr\u003e*This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Thunderbird \u003c 133, and Thunderbird \u003c 128.5."
}
],
"value": "A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing \"Esc\" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. \n*This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Thunderbird \u003c 133, and Thunderbird \u003c 128.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T13:34:00.682Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1916152"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-64/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-68/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-11698",
"datePublished": "2024-11-26T13:34:00.682Z",
"dateReserved": "2024-11-25T16:29:37.544Z",
"dateUpdated": "2024-11-27T15:20:24.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11704 (GCVE-0-2024-11704)
Vulnerability from cvelistv5
Published
2024-11-26 13:33
Modified
2025-11-03 20:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Potential double-free vulnerability in PKCS#7 decryption handling
Summary
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133, Thunderbird < 133, Firefox ESR < 128.7, and Thunderbird < 128.7.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Version: unspecified < 133 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firefox",
"vendor": "mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thunderbird",
"vendor": "mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-11704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:21:47.313551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T16:39:45.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:36:29.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ronald Crane"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox \u003c 133, Thunderbird \u003c 133, Firefox ESR \u003c 128.7, and Thunderbird \u003c 128.7."
}
],
"value": "A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox \u003c 133, Thunderbird \u003c 133, Firefox ESR \u003c 128.7, and Thunderbird \u003c 128.7."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Potential double-free vulnerability in PKCS#7 decryption handling",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T13:58:49.259Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1899402"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-11704",
"datePublished": "2024-11-26T13:33:59.991Z",
"dateReserved": "2024-11-25T16:29:45.930Z",
"dateUpdated": "2025-11-03T20:36:29.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-11697 (GCVE-0-2024-11697)
Vulnerability from cvelistv5
Published
2024-11-26 13:33
Modified
2025-11-03 21:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Improper Keypress Handling in Executable File Confirmation Dialog
Summary
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Version: unspecified < 133 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firefox",
"vendor": "mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "firefox_esr",
"vendor": "mozilla",
"versions": [
{
"lessThan": "128.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thunderbird",
"vendor": "mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "128.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-11697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T15:26:51.100004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T15:32:05.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:01.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00029.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "133",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Umar Farooq"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Thunderbird \u003c 133, and Thunderbird \u003c 128.5."
}
],
"value": "When handling keypress events, an attacker may have been able to trick a user into bypassing the \"Open Executable File?\" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox \u003c 133, Firefox ESR \u003c 128.5, Thunderbird \u003c 133, and Thunderbird \u003c 128.5."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Keypress Handling in Executable File Confirmation Dialog",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T13:33:59.551Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1842187"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-63/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-64/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-67/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-68/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-11697",
"datePublished": "2024-11-26T13:33:59.551Z",
"dateReserved": "2024-11-25T16:29:35.260Z",
"dateUpdated": "2025-11-03T21:52:01.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}