=====================================================================
                           CERT-Renater

                 Information Note No. 2025/VULN538
_____________________________________________________________________

DATE                : 21/08/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Firefox versions prior to 142,
                     ESR 115.27, ESR 128.14, ESR 140.2, iOS 142.

=====================================================================
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-68/
_____________________________________________________________________

Mozilla Foundation Security Advisory 2025-64

Security Vulnerabilities fixed in Firefox 142

Announced: August 19, 2025
Impact: high
Products: Firefox
Fixed in: Firefox 142

#CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component

Reporter: Oskar
Impact: high
Description: An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process.
References: Bug 1979527

#CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component

Reporter: Tom Van Goethem
Impact: high
Description: Same-origin policy bypass in the Graphics: Canvas2D component.
References: Bug 1979782

#CVE-2025-9181: Uninitialized memory in the JavaScript Engine component

Reporter: Irvan Kurniawan
Impact: moderate
Description: Uninitialized memory in the JavaScript Engine component.
References: Bug 1977130

#CVE-2025-9186: Spoofing issue in the Address Bar component of Firefox Focus for Android

Reporter: Kevin Brosnan
Impact: low
Description: Spoofing issue in the Address Bar component of Firefox Focus for Android.
References: Bug 1445758

#CVE-2025-9182: Denial-of-service due to out-of-memory in the Graphics: WebRender component

Reporter: Irvan Kurniawan
Impact: low
Description: Denial-of-service due to out-of-memory in the Graphics: WebRender component.
References: Bug 1975837

#CVE-2025-9183: Spoofing issue in the Address Bar component

Reporter: Renwa
Impact: low
Description: Spoofing issue in the Address Bar component.
References: Bug 1976102

#CVE-2025-9187: Memory safety bugs fixed in Firefox 142 and Thunderbird 142

Reporter: Andy Leiserson, Maurice Dauer, Sebastian Hengst and the Mozilla Fuzzing Team
Impact: high
Description: Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References: Memory safety bugs fixed in Firefox 142 and Thunderbird 142

#CVE-2025-9184: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Reporter: Paul Bone, Ryan VanderMeulen and the Mozilla Fuzzing Team
Impact: high
Description: Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

#CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Reporter: The Mozilla Fuzzing Team
Impact: high
Description: Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

_____________________________________________________________________

Mozilla Foundation Security Advisory 2025-65

Security Vulnerabilities fixed in Firefox ESR 115.27

Announced: August 19, 2025
Impact: high
Products: Firefox ESR
Fixed in: Firefox ESR 115.27

#CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component

Reporter: Oskar
Impact: high
Description: An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process.
References: Bug 1979527

#CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component

Reporter: Tom Van Goethem
Impact: high
Description: Same-origin policy bypass in the Graphics: Canvas2D component.
References: Bug 1979782

#CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Reporter: The Mozilla Fuzzing Team
Impact: high
Description: Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

_____________________________________________________________________

Mozilla Foundation Security Advisory 2025-66

Security Vulnerabilities fixed in Firefox ESR 128.14

Announced: August 19, 2025
Impact: high
Products: Firefox ESR
Fixed in: Firefox ESR 128.14

#CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component

Reporter: Oskar
Impact: high
Description: An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process.
References: Bug 1979527

#CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component

Reporter: Tom Van Goethem
Impact: high
Description: Same-origin policy bypass in the Graphics: Canvas2D component.
References: Bug 1979782

#CVE-2025-9181: Uninitialized memory in the JavaScript Engine component

Reporter: Irvan Kurniawan
Impact: moderate
Description: Uninitialized memory in the JavaScript Engine component.
References: Bug 1977130

#CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Reporter: The Mozilla Fuzzing Team
Impact: high
Description: Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

_____________________________________________________________________

Mozilla Foundation Security Advisory 2025-67

Security Vulnerabilities fixed in Firefox ESR 140.2

Announced: August 19, 2025
Impact: high
Products: Firefox ESR
Fixed in: Firefox ESR 140.2

#CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component

Reporter: Oskar
Impact: high
Description: An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process.
References: Bug 1979527

#CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component

Reporter: Tom Van Goethem
Impact: high
Description: Same-origin policy bypass in the Graphics: Canvas2D component.
References: Bug 1979782

#CVE-2025-9181: Uninitialized memory in the JavaScript Engine component

Reporter: Irvan Kurniawan
Impact: moderate
Description: Uninitialized memory in the JavaScript Engine component.
References: Bug 1977130

#CVE-2025-9182: Denial-of-service due to out-of-memory in the Graphics: WebRender component

Reporter: Irvan Kurniawan
Impact: low
Description: Denial-of-service due to out-of-memory in the Graphics: WebRender component.
References: Bug 1975837

#CVE-2025-9183: Spoofing issue in the Address Bar component

Reporter: Renwa
Impact: low
Description: Spoofing issue in the Address Bar component.
References: Bug 1976102

#CVE-2025-9184: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Reporter: Paul Bone, Ryan VanderMeulen and the Mozilla Fuzzing Team
Impact: high
Description: Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

#CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Reporter: The Mozilla Fuzzing Team
Impact: high
Description: Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

_____________________________________________________________________

Mozilla Foundation Security Advisory 2025-68

Security Vulnerabilities fixed in Firefox for iOS 142

Announced: August 19, 2025
Impact: high
Products: Firefox for iOS
Fixed in: Firefox for iOS 142

#CVE-2025-55030: Content-Disposition headers incorrectly ignored for some MIME types

Reporter: Renwa
Impact: high
Description: Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks
References: Bug 1976304

#CVE-2025-55028: JavaScript alerts could impede UI interaction or allow denial of service attacks

Reporter: Antoine Morin
Impact: moderate
Description: Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks
References: Bug 1850240

#CVE-2025-55031: Passkey phishing within Bluetooth range

Reporter: Hafiizh
Impact: moderate
Description: Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account.
References: Bug 1979499, Bug 1979804

#CVE-2025-55029: Malicious scripts could spam popups for denial of service attacks

Reporter: Bharat
Impact: low
Description: Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks
References: Bug 1973577

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================