Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10.

The version of mozilla-firefox installed on the remote host is prior to 128.10.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-119-01 advisory.

    New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-firefox security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-thunderbird installed on the remote host is prior to 128.10.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-119-02 advisory.

    New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-thunderbird security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.23. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-30 advisory.

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS.
    Other versions of Firefox are unaffected. (CVE-2025-4082)

  - Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-     level updater by manipulating the file-locking behavior. By injecting code into the user-privileged     process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths     controlled by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - Due to insufficient escaping of the ampersand character in the copy as cURL feature, an attacker could     trick a user into using this command, potentially leading to local code execution on the user's system.
    This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. (CVE-2025-4084)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 115.23. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-30 advisory.

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS.
    Other versions of Firefox are unaffected. (CVE-2025-4082)

  - Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-     level updater by manipulating the file-locking behavior. By injecting code into the user-privileged     process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths     controlled by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - Due to insufficient escaping of the ampersand character in the copy as cURL feature, an attacker could     trick a user into using this command, potentially leading to local code execution on the user's system.
    This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. (CVE-2025-4084)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-29 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-     level updater by manipulating the file-locking behavior. By injecting code into the user-privileged     process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths     controlled by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS.
    Other versions of Firefox are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - Due to insufficient escaping of the special characters in the copy as cURL feature, an attacker could     trick a user into using this command, potentially leading to local code execution on the user's system.
    This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. (CVE-2025-4084)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-29 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-     level updater by manipulating the file-locking behavior. By injecting code into the user-privileged     process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths     controlled by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS.
    Other versions of Firefox are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - Due to insufficient escaping of the special characters in the copy as cURL feature, an attacker could     trick a user into using this command, potentially leading to local code execution on the user's system.
    This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. (CVE-2025-4084)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 138.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-31 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level     updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an     attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled     by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for     macOS. Other versions of Thunderbird are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - An attacker with control over a content process could potentially leverage the privileged UITour actor to     leak sensitive information or escalate privileges. (CVE-2025-4085)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 138.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-31 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level     updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an     attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled     by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for     macOS. Other versions of Thunderbird are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - An attacker with control over a content process could potentially leverage the privileged UITour actor to     leak sensitive information or escalate privileges. (CVE-2025-4085)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 138.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-28 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-     level updater by manipulating the file-locking behavior. By injecting code into the user-privileged     process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths     controlled by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS.
    Other versions of Firefox are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - An attacker with control over a content process could potentially leverage the privileged UITour actor to     leak sensitive information or escalate privileges. (CVE-2025-4085)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 138.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-28 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-     level updater by manipulating the file-locking behavior. By injecting code into the user-privileged     process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths     controlled by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS.
    Other versions of Firefox are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - An attacker with control over a content process could potentially leverage the privileged UITour actor to     leak sensitive information or escalate privileges. (CVE-2025-4085)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird ESR installed on the remote Windows host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-32 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level     updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an     attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled     by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for     macOS. Other versions of Thunderbird are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - Due to insufficient escaping of the special characters in the copy as cURL feature, an attacker could     trick a user into using this command, potentially leading to local code execution on the user's system.
    This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. (CVE-2025-4084)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird ESR installed on the remote macOS or Mac OS X host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-32 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level     updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an     attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled     by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for     macOS. Other versions of Thunderbird are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - Due to insufficient escaping of the special characters in the copy as cURL feature, an attacker could     trick a user into using this command, potentially leading to local code execution on the user's system.
    This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. (CVE-2025-4084)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
235012	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2025-119-01)	Nessus	Slackware Local Security Checks	high
234992	Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2025-119-02)	Nessus	Slackware Local Security Checks	high
234931	Mozilla Firefox ESR < 115.23	Nessus	MacOS X Local Security Checks	high
234930	Mozilla Firefox ESR < 115.23	Nessus	Windows	high
234929	Mozilla Firefox ESR < 128.10	Nessus	MacOS X Local Security Checks	high
234928	Mozilla Firefox ESR < 128.10	Nessus	Windows	high
234927	Mozilla Thunderbird < 138.0	Nessus	MacOS X Local Security Checks	high
234926	Mozilla Thunderbird < 138.0	Nessus	Windows	high
234925	Mozilla Firefox < 138.0	Nessus	MacOS X Local Security Checks	high
234924	Mozilla Firefox < 138.0	Nessus	Windows	high
234923	Mozilla Thunderbird ESR < 128.10	Nessus	Windows	high
234922	Mozilla Thunderbird ESR < 128.10	Nessus	MacOS X Local Security Checks	high

Detections

Analytics

CVE-2025-4082

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high