SB2026020339 - Ubuntu update for thunderbird
Published: February 3, 2026 Updated: February 6, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 111 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2026-0891)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Spoofing attack (CVE-ID: CVE-2026-0890)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in the DOM: Copy & Paste and Drag & Drop component. A remote attacker can spoof page content.
3) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2026-0887)
The vulnerability allows a remote attacker to perform clickjacking attacks.
The vulnerability exists due to an error in the PDF Viewer. A remote attacker can trick the victim into opening a specially crafted URL and gain access to sensitive information or perform clickjacking attack.
4) Buffer overflow (CVE-ID: CVE-2026-0886)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Graphics component. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Use-after-free (CVE-ID: CVE-2026-0885)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the JavaScript: GC component. A remote attacker can trick the victim into visiting a specially crafted website and crash the browser.
6) Use-after-free (CVE-ID: CVE-2026-0884)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the JavaScript Engine component. A remote attacker can trick the victim into visiting a specially crafted website and crash the browser.
7) Information disclosure (CVE-ID: CVE-2026-0883)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Networking component. A remote attacker can gain unauthorized access to sensitive information on the system.
8) Use-after-free (CVE-ID: CVE-2026-0882)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the IPC component. A remote attacker can trick the victim into visiting a specially crafted web page and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
9) Integer overflow (CVE-ID: CVE-2026-0880)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the Graphics component. A remote attacker can trick the victim into visiting a specially crafted website, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Buffer overflow (CVE-ID: CVE-2026-0879)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Graphics component. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
11) Buffer overflow (CVE-ID: CVE-2026-0878)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the in the Graphics: CanvasWebGL component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Protection mechanism failure (CVE-ID: CVE-2026-0877)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. An attacker can bypass implemented DOM security restrictions and execute arbitrary JavaScript code.
13) Information disclosure (CVE-ID: CVE-2026-0818)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way CSS is handled within the application. A remote attacker can exfiltrate content from partially encrypted emails when allowing remote content.
14) Security features bypass (CVE-ID: CVE-2025-9185)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in the Graphics: Canvas2D component. A remote attacker can bypass Same-origin policy restrictions.
15) Buffer overflow (CVE-ID: CVE-2025-9184)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Resource exhaustion (CVE-ID: CVE-2025-9182)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in Graphics WebRender. A remote attacker can trigger resource exhaustion and crash the browser.
17) Use of Uninitialized Variable (CVE-ID: CVE-2025-9181)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to use of uninitialized memory in the JavaScript engine. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the system.
18) Buffer overflow (CVE-ID: CVE-2025-9180)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
19) Buffer overflow (CVE-ID: CVE-2025-9179)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in GMP process when processing encrypted media. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) Buffer overflow (CVE-ID: CVE-2025-8040)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Multiple Interpretations of UI Input (CVE-ID: CVE-2025-8039)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to in some cases search terms persisted in the URL bar even after navigating away from the search page. A remote attacker can obtain information about previous searches.
22) Protection Mechanism Failure (CVE-ID: CVE-2025-8038)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to Firefox ignored paths when checking the validity of navigations in a frame. A remote attacker can bypass CSP frame-src setting.
23) Protection Mechanism Failure (CVE-ID: CVE-2025-8037)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the way Firefox handles nameless cookies with an equals sign in the value. Such a cookie would shadow other cookies, even if the nameless cookie was set over HTTP and the shadowed cookie included the Secure attribute.
24) Protection Mechanism Failure (CVE-ID: CVE-2025-8036)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to Firefox caches CORS preflight responses across IP address changes. A remote attacker can circumvent CORS with DNS rebinding.
25) Buffer overflow (CVE-ID: CVE-2025-8035)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Buffer overflow (CVE-ID: CVE-2025-8034)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) NULL pointer dereference (CVE-ID: CVE-2025-8033)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the JavaScript engine when handling closed generators. A remote attacker can trick the victim into visiting a specially crafted website and crash the browser.
28) Protection Mechanism Failure (CVE-ID: CVE-2025-8032)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect propagation of the source document when loading an XSLT document. A remote attacker can bypass CSP restrictions.
29) Information disclosure (CVE-ID: CVE-2025-8031)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to incorrect stripping in CSP reports. The username:password part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials.
30) Code Injection (CVE-ID: CVE-2025-8030)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the “Copy as cURL” feature. A remote attacker can trick the victim into copying a specially crafted URL and execute unexpected code on the system.
31) Code Injection (CVE-ID: CVE-2025-8029)
The vulnerability allows a remote attacker to execute arbitrary JavaScript code passed via URL.
The vulnerability exists due to Firefox executes javascript: URLs when used in object and embed tags. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code via objects or embed tags.
32) Incorrect calculation (CVE-ID: CVE-2025-8028)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a WASM br_table instruction with a lot of entries can lead to the label being too far from the instruction causing truncation and incorrect computation of the branch address. A remote attacker can execute arbitrary code on the target system.
Note, the vulnerability affects ARM64 systems only.
33) Buffer Over-read (CVE-ID: CVE-2025-8027)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists on 64-bit systems due to IonMonkey-JIT JavaScript engine write only 32 bits of the 64-bit return value space on the stack, however read the entire 64 bits. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
34) Buffer overflow (CVE-ID: CVE-2025-6436)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
35) Input validation error (CVE-ID: CVE-2025-6435)
The vulnerability allows a remote attacker to manipulate file a downloaded extension.
The vulnerability exists due to insufficient validation of user-supplied input. If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the .download file extension. This could have led to the user inadvertently running a malicious executable.
36) Protection Mechanism Failure (CVE-ID: CVE-2025-6434)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP.
37) Improperly implemented security check for standard (CVE-ID: CVE-2025-6433)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when handling invalid TLS certificates. If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors".
38) Information disclosure (CVE-ID: CVE-2025-6432)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to DNS requests can be leaked outside of a configured SOCKS proxy. When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding.
39) Protection Mechanism Failure (CVE-ID: CVE-2025-6427)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. An attacker is able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools.
40) Use-after-free (CVE-ID: CVE-2025-5283)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within libvpx in Google Chrome. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a use-after-free error and gain access to sensitive information.
41) Buffer overflow (CVE-ID: CVE-2025-5272)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
42) Protection Mechanism Failure (CVE-ID: CVE-2025-5271)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to Devtools ignores CSP headers when previewing content. A remote attacker can perform content injection attacks.
43) Cleartext transmission of sensitive information (CVE-ID: CVE-2025-5270)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to software does not always encrypt SNI even when encrypted DNS was enabled. A remote attacker with ability to intercept network traffic can gain access to sensitive data.
44) Buffer overflow (CVE-ID: CVE-2025-4092)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
45) Input validation error (CVE-ID: CVE-2025-4089)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient escaping of special characters in the "copy as cURL" feature. A remote attacker can trick the victim into copying a specially crafted URL and execute arbitrary code on the system.
46) Cross-site request forgery (CVE-ID: CVE-2025-4088)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A malicious website can use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API.
47) Information disclosure (CVE-ID: CVE-2025-4085)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the UITour actor. A remote attacker can gain unauthorized access to sensitive information on the system.
48) Buffer overflow (CVE-ID: CVE-2025-3034)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
49) Memory leak (CVE-ID: CVE-2025-3032)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due browser leaks file descriptors from the fork server to web content processes. A local user can use this information to escalate privileges on the system.
50) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2025-3031)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a JIT optimization error. A remote attacker can read 32 bits of values spilled onto the stack in a JIT compiled function.
51) Buffer overflow (CVE-ID: CVE-2025-1943)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into visiting a specially crafted web page, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
52) Information disclosure (CVE-ID: CVE-2025-1942)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within the String.toUpperCase() function, which includes parts of uninitialized memory into the result output. A remote attacker can gain unauthorized access to sensitive information.
53) Protection mechanism failure (CVE-ID: CVE-2025-14331)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in the Request Handling component. A remote attacker can trick the victim into visiting a specially crafted website and bypass Same-Origin policy.
54) Input validation error (CVE-ID: CVE-2025-14330)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due JIT miscompilation in the JavaScript Engine JIT component. A remote attacker can trick the victim into visiting a specially crafted website and bypass implemented security restrictions.
55) Improper privilege management (CVE-ID: CVE-2025-14329)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper privilege management in the Netmonitor component. A remote attacker can trick the victim into visiting a specially crafted website and bypass implemented security restrictions.
56) Improper privilege management (CVE-ID: CVE-2025-14328)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper privilege management in the Netmonitor component. A remote attacker can trick the victim into visiting a specially crafted website and bypass implemented security restrictions.
57) Spoofing attack (CVE-ID: CVE-2025-14327)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in the Downloads Panel component. A remote attacker can perform a spoofing attack.
58) Input validation error (CVE-ID: CVE-2025-14325)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due JIT miscompilation in the JavaScript Engine JIT component. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
59) Input validation error (CVE-ID: CVE-2025-14324)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due JIT miscompilation in the JavaScript Engine JIT component. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
60) Improper privilege management (CVE-ID: CVE-2025-14323)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper privilege management in the DOM Notifications component. A remote attacker can trick the victim into visiting a specially crafted website and bypass implemented security restrictions.
61) Buffer overflow (CVE-ID: CVE-2025-14322)
The vulnerability allows a remote attacker to escape sandbox restrictions.
The vulnerability exists due to a boundary error in the Graphics CanvasWebGL component. A remote attacker can trick the victim into visiting a specially craft6ed website, trigger memory corruption and escape sandbox restrictions.
62) Use-after-free (CVE-ID: CVE-2025-14321)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the the WebRTC Signaling component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
63) Use-after-free (CVE-ID: CVE-2025-13020)
The vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to a use-after-free error in the WebRTC: Audio/Video component. A remote attacker can trick the victim into visiting a specially crafted website and crash the browser.
64) Protection Mechanism Failure (CVE-ID: CVE-2025-13019)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in the DOM: Workers component. An attacker can bypass implemented security restrictions.
65) Protection Mechanism Failure (CVE-ID: CVE-2025-13018)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in the DOM: Security component. An attacker can bypass implemented security restrictions.
66) Protection Mechanism Failure (CVE-ID: CVE-2025-13017)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in the DOM: Notifications component. An attacker can bypass implemented security restrictions.
67) Buffer overflow (CVE-ID: CVE-2025-13016)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the JavaScript: WebAssembly component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
68) Spoofing attack (CVE-ID: CVE-2025-13015)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can perform spoofing attack.
69) Use-after-free (CVE-ID: CVE-2025-13014)
The vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to a use-after-free error in the Audio/Video component. A remote attacker can trick the victim into visiting a specially crafted website and crash the browser.
70) Protection Mechanism Failure (CVE-ID: CVE-2025-13013)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in the DOM: Core & HTML component. An attacker can bypass implemented security restrictions.
71) Race condition (CVE-ID: CVE-2025-13012)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition in the Graphics component. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
72) Buffer overflow (CVE-ID: CVE-2025-11715)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
73) Buffer overflow (CVE-ID: CVE-2025-11714)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
74) Code Injection (CVE-ID: CVE-2025-11713)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in the “Copy as cURL” feature. A remote attacker can send trick the victim into copying a specially crafted URL and execute arbitrary code on the system.
Note, the vulnerability affects Windows installations only.
75) Protection mechanism failure (CVE-ID: CVE-2025-11712)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. A malicious page can use the type attribute of an OBJECT tag to override the default browser behavior when encountering a web resource served without a content-type. This can lead to an XSS on a site that unsafely serves files without a content-type header.
76) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-11711)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to application does not properly impose security restrictions, which allows an malicious web application to modify JavaScript Object properties that were supposed to be non-writable. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
77) Information disclosure (CVE-ID: CVE-2025-11710)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A compromised web process using malicious IPC messages can cause the privileged browser process to reveal blocks of its memory to the compromised process.
78) Out-of-bounds write (CVE-ID: CVE-2025-11709)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing WebGL textures. A remote attacker can create a specially crafted website, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
79) Use-after-free (CVE-ID: CVE-2025-11708)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in MediaTrackGraphImpl::GetInstance(). A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
80) Buffer overflow (CVE-ID: CVE-2025-10537)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
81) Information disclosure (CVE-ID: CVE-2025-10536)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Networking: Cache component. A remote attacker can gain unauthorized access to sensitive information on the system.
82) Integer overflow (CVE-ID: CVE-2025-10533)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the SVG component. A remote attacker can trick the victim into visiting a specially crafted website, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
83) Out-of-bounds read (CVE-ID: CVE-2025-10532)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the JavaScript: GC component. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
84) Security features bypass (CVE-ID: CVE-2025-10529)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error in the Layout component. A remote attacker can bypass same-origin policy and gain unauthorized access to data outside of the current domain.
85) Buffer overflow (CVE-ID: CVE-2025-10528)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Graphics: Canvas2D component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
86) Use-after-free (CVE-ID: CVE-2025-10527)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Graphics: Canvas2D component. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
87) Buffer overflow (CVE-ID: CVE-2025-1020)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
88) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2025-1019)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to the z-order of the browser windows could be manipulated to hide the fullscreen notification. A remote attacker can perform spoofing attack.89) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2025-1018)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. A remote attacker can perform spoofing attack.
90) Buffer overflow (CVE-ID: CVE-2025-0247)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
91) Buffer overflow (CVE-ID: CVE-2025-0243)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
92) Buffer overflow (CVE-ID: CVE-2025-0241)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
93) Use-after-free (CVE-ID: CVE-2025-0240)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when parsing a JavaScript module as JSON. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
94) Improper Certificate Validation (CVE-ID: CVE-2025-0239)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to Alt-Svc ALPN does not properly validate certificates when the original server is redirecting to an insecure site. A remote attacker can perform MitM attack.
95) Unintended Proxy or Intermediary (CVE-ID: CVE-2025-0237)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to WebChannel API does not check the sending principal but rather accepted the principal being sent when transporting data across processes. A local user can perform confused deputy attack and escalate privileges on the system.
96) Buffer overflow (CVE-ID: CVE-2024-9403)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
97) Buffer overflow (CVE-ID: CVE-2024-9402)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
98) Resource exhaustion (CVE-ID: CVE-2024-9400)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources during JIT compilation. A remote attacker can crash the browser.
99) Input validation error (CVE-ID: CVE-2024-9399)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when handling WebTransport. A remote attacker can trick the victim into visiting a specially crafted website and crash the browser.
100) Information disclosure (CVE-ID: CVE-2024-9398)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a possibility to enumerate protocol handlers via the window.open() call. A remote attacker can enumerate installed applications on the system.
101) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2024-9397)
The vulnerability allows a remote attacker to perform clickjacking attacks.
The vulnerability exists due to a missing delay in directory upload UI. A remote attacker can trick a user into granting permission via clickjacking.
102) Buffer overflow (CVE-ID: CVE-2024-9396)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when cloning certain objects. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
103) Input validation error (CVE-ID: CVE-2024-50336)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper input validation when handling MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver.
104) Race condition (CVE-ID: CVE-2024-10468)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a race condition in IndexedDB. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
105) Buffer overflow (CVE-ID: CVE-2024-10467)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
106) Resource management error (CVE-ID: CVE-2024-10466)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling DOM push subscriptions. A remote attacker can send specially crafted data to the browser and crash it.
107) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2024-10465)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to a clipboard "paste" button persists across different tabs. A remote attacker can trick the victim into pasting content into a malicious tab.
108) Resource management error (CVE-ID: CVE-2024-10464)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to repeated writes to history interface attributes. A remote attacker can crash the browser.
109) Spoofing attack (CVE-ID: CVE-2024-10462)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to the browser truncates long URLs when displaying origin of permission prompt. A remote attacker can perform a spoofing attack by providing an overly long URL that looks like a trusted domain name.
110) Universal cross-site scripting (CVE-ID: CVE-2024-10461)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when handling multipart/x-mixed-replace responses. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of any website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
111) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2024-10460)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to the origin of an external protocol handler prompt can be obscured using a "data:" URL within an iframe. A remote attacker can perform spoofing attack.
Remediation
Install update from vendor's website.