Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird < 128.10.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5912 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5912-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     May 01, 2025                          https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : thunderbird     CVE ID         : CVE-2025-2830 CVE-2025-3522 CVE-2025-3523 CVE-2025-4083                      CVE-2025-4087 CVE-2025-4091 CVE-2025-4093

    Multiple security issues were discovered in Thunderbird, which could     result in the execution of arbitrary code or information disclosure

    For the stable distribution (bookworm), these problems have been fixed in     version 1:128.10.0esr-1~deb12u1.

    We recommend that you upgrade your thunderbird packages.

    For the detailed security status of thunderbird please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/thunderbird

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-32 advisory.

  - A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level     updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an     attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled     by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for     macOS. Other versions of Thunderbird are unaffected. (CVE-2025-4082)

  - Due to insufficient escaping of the special characters in the copy as cURL feature, an attacker could     trick a user into using this command, potentially leading to local code execution on the user's system.
    This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. (CVE-2025-4084)

  - A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to     missing null checks during attribute access. This could lead to out-of-bounds read access and potentially,     memory corruption. (CVE-2025-4087)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-32 advisory.

  - A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level     updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an     attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled     by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for     macOS. Other versions of Thunderbird are unaffected. (CVE-2025-4082)

  - Due to insufficient escaping of the special characters in the copy as cURL feature, an attacker could     trick a user into using this command, potentially leading to local code execution on the user's system.
    This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. (CVE-2025-4084)

  - A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to     missing null checks during attribute access. This could lead to out-of-bounds read access and potentially,     memory corruption. (CVE-2025-4087)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5910 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5910-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     April 30, 2025                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : firefox-esr     CVE ID         : CVE-2025-4083 CVE-2025-4087 CVE-2025-4091 CVE-2025-4093

    Multiple security issues have been found in the Mozilla Firefox web     browser, which could potentially result in the execution of arbitrary     code or a bypass of sandbox restrictions.

    For the stable distribution (bookworm), these problems have been fixed in     version 128.10.0esr-1~deb12u1.

    We recommend that you upgrade your firefox-esr packages.

    For the detailed security status of firefox-esr please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/firefox-esr

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-firefox installed on the remote host is prior to 128.10.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-119-01 advisory.

    New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-firefox security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-thunderbird installed on the remote host is prior to 128.10.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-119-02 advisory.

    New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-thunderbird security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-29 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-     level updater by manipulating the file-locking behavior. By injecting code into the user-privileged     process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths     controlled by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS.
    Other versions of Firefox are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - Due to insufficient escaping of the special characters in the copy as cURL feature, an attacker could     trick a user into using this command, potentially leading to local code execution on the user's system.
    This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. (CVE-2025-4084)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-29 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Mozilla Firefox's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-     level updater by manipulating the file-locking behavior. By injecting code into the user-privileged     process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths     controlled by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS.
    Other versions of Firefox are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - Due to insufficient escaping of the special characters in the copy as cURL feature, an attacker could     trick a user into using this command, potentially leading to local code execution on the user's system.
    This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. (CVE-2025-4084)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird ESR installed on the remote Windows host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-32 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level     updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an     attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled     by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for     macOS. Other versions of Thunderbird are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - Due to insufficient escaping of the special characters in the copy as cURL feature, an attacker could     trick a user into using this command, potentially leading to local code execution on the user's system.
    This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. (CVE-2025-4084)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird ESR installed on the remote macOS or Mac OS X host is prior to 128.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-32 advisory.

  - Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-4091)

  - Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level     updater by manipulating the file-locking behavior. By injecting code into the user-privileged process, an     attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled     by a non-privileged user and enabling privilege escalation. (CVE-2025-2817)

  - Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained     with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for     macOS. Other versions of Thunderbird are unaffected. (CVE-2025-4082)

  - A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. (CVE-2025-4083)

  - Due to insufficient escaping of the special characters in the copy as cURL feature, an attacker could     trick a user into using this command, potentially leading to local code execution on the user's system.
    This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. (CVE-2025-4084)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
235066	Debian dsa-5912 : thunderbird - security update	Nessus	Debian Local Security Checks	critical
235064	Mozilla Thunderbird < 128.10	Nessus	Windows	critical
235063	Mozilla Thunderbird < 128.10	Nessus	MacOS X Local Security Checks	critical
235040	Debian dsa-5910 : firefox-esr - security update	Nessus	Debian Local Security Checks	critical
235012	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2025-119-01)	Nessus	Slackware Local Security Checks	high
234992	Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2025-119-02)	Nessus	Slackware Local Security Checks	high
234929	Mozilla Firefox ESR < 128.10	Nessus	MacOS X Local Security Checks	high
234928	Mozilla Firefox ESR < 128.10	Nessus	Windows	high
234923	Mozilla Thunderbird ESR < 128.10	Nessus	Windows	high
234922	Mozilla Thunderbird ESR < 128.10	Nessus	MacOS X Local Security Checks	high

Detections

Analytics

CVE-2025-4093

medium

Tenable Plugins

critical

critical

critical

critical

high

high

high

high

high

high