Spoofing issue in the Site Permissions component. This vulnerability affects Firefox < 143 and Thunderbird < 143.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d09efc3b-b808-11f0-8016-b42e991fc52e advisory.

    https://bugzilla.mozilla.org/show_bug.cgi?id=1665334 reports:
    Spoofing issue in the Site Permissions component.

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1e8a6581-ab7b-11f0-b961-b42e991fc52e advisory.

    security@mozilla.org reports:
    Spoofing issue in the Site Permission component

Tenable has extracted the preceding description block directly from the FreeBSD security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Spoofing issue in the Site Permissions component. This vulnerability affects Firefox < 143 and Thunderbird     < 143. (CVE-2025-10534)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 143.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-73 advisory.

  - Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2025-10537)

  - Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects     Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. (CVE-2025-10527)

  - Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This     vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
    (CVE-2025-10528)

  - Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR <     140.3, Thunderbird < 143, and Thunderbird < 140.3. (CVE-2025-10529)

  - Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 143     and Thunderbird < 143. (CVE-2025-10530)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 143.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-73 advisory.

  - Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2025-10537)

  - Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects     Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. (CVE-2025-10527)

  - Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This     vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
    (CVE-2025-10528)

  - Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR <     140.3, Thunderbird < 143, and Thunderbird < 140.3. (CVE-2025-10529)

  - Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 143     and Thunderbird < 143. (CVE-2025-10530)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 143.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-77 advisory.

  - Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2025-10537)

  - Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects     Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. (CVE-2025-10527)

  - Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This     vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
    (CVE-2025-10528)

  - Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR <     140.3, Thunderbird < 143, and Thunderbird < 140.3. (CVE-2025-10529)

  - Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 143     and Thunderbird < 143. (CVE-2025-10530)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 143.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-77 advisory.

  - Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. (CVE-2025-10537)

  - Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects     Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3. (CVE-2025-10527)

  - Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This     vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
    (CVE-2025-10528)

  - Same-origin policy bypass in the Layout component. This vulnerability affects Firefox < 143, Firefox ESR <     140.3, Thunderbird < 143, and Thunderbird < 140.3. (CVE-2025-10529)

  - Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 143     and Thunderbird < 143. (CVE-2025-10530)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-100ae879e3 advisory.

    - New upstream release (143.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-4dca10ca2c advisory.

    - New upstream release (143.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
272208	FreeBSD : Firefox -- Spoofing issue in the Site Permissions component (d09efc3b-b808-11f0-8016-b42e991fc52e)	Nessus	FreeBSD Local Security Checks	high
271198	FreeBSD : Mozilla -- spoofing (1e8a6581-ab7b-11f0-b961-b42e991fc52e)	Nessus	FreeBSD Local Security Checks	high
265642	Linux Distros Unpatched Vulnerability : CVE-2025-10534	Nessus	Misc.	high
265450	Mozilla Firefox < 143.0	Nessus	MacOS X Local Security Checks	high
265449	Mozilla Firefox < 143.0	Nessus	Windows	high
265448	Mozilla Thunderbird < 143.0	Nessus	Windows	high
265447	Mozilla Thunderbird < 143.0	Nessus	MacOS X Local Security Checks	high
265386	Fedora 41 : firefox (2025-100ae879e3)	Nessus	Fedora Local Security Checks	high
265310	Fedora 42 : firefox (2025-4dca10ca2c)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2025-10534

high

Tenable Plugins

high

high

high

high

high

high

high

high

high