Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.

CVE Database V5

Detailed information about CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 in Mozilla Firefox 

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 in Mozilla Firefox - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 in Mozilla Firefox

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.

Detailed information about CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters in Mozilla Firefox affecting Mozilla Firefox. Get real-time updates, t

CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters in Mozilla Firefox - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters in Mozilla Firefox

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.

Detailed information about CVE-2025-3028: Use-after-free triggered by XSLTProcessor in Mozilla Firefox affecting Mozilla Firefox. Get real-time updates, technic

CVE-2025-3028: Use-after-free triggered by XSLTProcessor in Mozilla Firefox - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-3028: Use-after-free triggered by XSLTProcessor in Mozilla Firefox

The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.

Detailed information about CVE-2025-31183: An app may be able to access sensitive user data in Apple tvOS affecting Apple tvOS. Get real-time updates, technical

CVE-2025-31183: An app may be able to access sensitive user data in Apple tvOS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-31183: An app may be able to access sensitive user data in Apple tvOS

This issue was addressed with improved handling of symlinks. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to delete files for which it does not have permission.

Detailed information about CVE-2025-31182: An app may be able to delete files for which it does not have permission in Apple tvOS affecting Apple tvOS. Get real

CVE-2025-31182: An app may be able to delete files for which it does not have permission in Apple tvOS - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-31182: An app may be able to delete files for which it does not have permission in Apple tvOS

An issue was discovered in Artifex Ghostscript before 10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via long characters to devices/vector/doc_common.c.

Detailed information about CVE-2025-27831: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-27831: n/a

CVE-2025-27831: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 in Mozilla Firefox

CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters in Mozilla Firefox

CVE-2025-3028: Use-after-free triggered by XSLTProcessor in Mozilla Firefox

CVE-2025-31183: An app may be able to access sensitive user data in Apple tvOS

CVE-2025-31182: An app may be able to delete files for which it does not have permission in Apple tvOS

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility