The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c0d9be4e68 advisory.

    Update to 128.12.0

    * https://www.thunderbird.net/en-US/thunderbird/128.12.0esr/releasenotes/
    * https://www.mozilla.org/en-US/security/advisories/mfsa2025-55/

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-8e4e6cf21e advisory.

    Update to 128.12.0

    * https://www.thunderbird.net/en-US/thunderbird/128.12.0esr/releasenotes/
    * https://www.mozilla.org/en-US/security/advisories/mfsa2025-55/


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-55 advisory.

  - The executable file warning did not warn users before opening files with the <code>terminal</code>     extension.  This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.
    (CVE-2025-6426)

  - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

  - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID     that identified the browser, and persisted between containers and normal/private browsing mode, but not     profiles. (CVE-2025-6425)

  - Thunderbird could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing     the URL specified in an <code>embed</code> tag.  This could have bypassed website security checks that     restricted which domains users were allowed to embed. (CVE-2025-6429)

  - When a file download is specified via the <code>Content-Disposition</code> header, that directive would be     ignored if the file was included via a <code><embed></code> or <code><object></code> tag,     potentially making a website vulnerable to a cross-site scripting attack. (CVE-2025-6430)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 128.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-55 advisory.

  - The executable file warning did not warn users before opening files with the <code>terminal</code>     extension.  This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.
    (CVE-2025-6426)

  - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

  - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID     that identified the browser, and persisted between containers and normal/private browsing mode, but not     profiles. (CVE-2025-6425)

  - Thunderbird could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing     the URL specified in an <code>embed</code> tag.  This could have bypassed website security checks that     restricted which domains users were allowed to embed. (CVE-2025-6429)

  - When a file download is specified via the <code>Content-Disposition</code> header, that directive would be     ignored if the file was included via a <code><embed></code> or <code><object></code> tag,     potentially making a website vulnerable to a cross-site scripting attack. (CVE-2025-6430)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-54 advisory.

  - If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was     able to provide a WebAuthn challenge that the user would be prompted to complete.  This is in violation of     the WebAuthN spec which requires a secure transport established without errors. (CVE-2025-6433)

  - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

  - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID     that identified the browser, and persisted between containers and normal/private browsing mode, but not     profiles. (CVE-2025-6425)

  - The executable file warning did not warn users before opening files with the <code>terminal</code>     extension.  This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.
    (CVE-2025-6426)

  - An attacker was able to bypass the <code>connect-src</code> directive of a Content Security Policy by     manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools.
    (CVE-2025-6427)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-54 advisory.

  - If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was     able to provide a WebAuthn challenge that the user would be prompted to complete.  This is in violation of     the WebAuthN spec which requires a secure transport established without errors. (CVE-2025-6433)

  - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

  - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID     that identified the browser, and persisted between containers and normal/private browsing mode, but not     profiles. (CVE-2025-6425)

  - The executable file warning did not warn users before opening files with the <code>terminal</code>     extension.  This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.
    (CVE-2025-6426)

  - An attacker was able to bypass the <code>connect-src</code> directive of a Content Security Policy by     manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools.
    (CVE-2025-6427)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02122-1 advisory.

    Update to MozillaFirefox 128.12.0 (MFSA 2025-23, bsc#1244670):

    - CVE-2025-6424: Use-after-free in FontFaceSet
    - CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID
    - CVE-2025-6426: No warning when opening executable terminal files on macOS
    - CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com
    - CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02123-1 advisory.

    Update to MozillaFirefox 128.12.0 (MFSA 2025-23, bsc#1244670):

    - CVE-2025-6424: Use-after-free in FontFaceSet
    - CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID
    - CVE-2025-6426: No warning when opening executable terminal files on macOS
    - CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com
    - CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-1605ec3e86 advisory.

    - Updated to latest upstream (140.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6bffc34b8d advisory.

    - Updated to latest upstream (140.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-firefox installed on the remote host is prior to 140.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-175-02 advisory.

    New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-firefox security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-53 advisory.

  - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

  - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID     that identified the browser, and persisted between containers and normal/private browsing mode, but not     profiles. (CVE-2025-6425)

  - The executable file warning did not warn users before opening files with the <code>terminal</code>     extension.  This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.
    (CVE-2025-6426)

  - Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the     URL specified in an <code>embed</code> tag.  This could have bypassed website security checks that     restricted which domains users were allowed to embed. (CVE-2025-6429)

  - When a file download is specified via the <code>Content-Disposition</code> header, that directive would be     ignored if the file was included via a <code><embed></code> or <code><object></code> tag,     potentially making a website vulnerable to a cross-site scripting attack. (CVE-2025-6430)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 128.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-53 advisory.

  - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

  - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID     that identified the browser, and persisted between containers and normal/private browsing mode, but not     profiles. (CVE-2025-6425)

  - The executable file warning did not warn users before opening files with the <code>terminal</code>     extension.  This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.
    (CVE-2025-6426)

  - Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the     URL specified in an <code>embed</code> tag.  This could have bypassed website security checks that     restricted which domains users were allowed to embed. (CVE-2025-6429)

  - When a file download is specified via the <code>Content-Disposition</code> header, that directive would be     ignored if the file was included via a <code><embed></code> or <code><object></code> tag,     potentially making a website vulnerable to a cross-site scripting attack. (CVE-2025-6430)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-51 advisory.

  - Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2025-6436)

  - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

  - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID     that identified the browser, and persisted between containers and normal/private browsing mode, but not     profiles. (CVE-2025-6425)

  - The executable file warning did not warn users before opening files with the <code>terminal</code>     extension.  This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.
    (CVE-2025-6426)

  - An attacker was able to bypass the <code>connect-src</code> directive of a Content Security Policy by     manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools.
    (CVE-2025-6427)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-51 advisory.

  - Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2025-6436)

  - A use-after-free in FontFaceSet resulted in a potentially exploitable crash. (CVE-2025-6424)

  - An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID     that identified the browser, and persisted between containers and normal/private browsing mode, but not     profiles. (CVE-2025-6425)

  - The executable file warning did not warn users before opening files with the <code>terminal</code>     extension.  This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.
    (CVE-2025-6426)

  - An attacker was able to bypass the <code>connect-src</code> directive of a Content Security Policy by     manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools.
    (CVE-2025-6427)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
241937	Fedora 42 : thunderbird (2025-c0d9be4e68)	Nessus	Fedora Local Security Checks	critical
241695	Fedora 41 : thunderbird (2025-8e4e6cf21e)	Nessus	Fedora Local Security Checks	critical
241213	Mozilla Thunderbird < 128.12	Nessus	MacOS X Local Security Checks	critical
241212	Mozilla Thunderbird < 128.12	Nessus	Windows	critical
241211	Mozilla Thunderbird < 140.0	Nessus	Windows	critical
241210	Mozilla Thunderbird < 140.0	Nessus	MacOS X Local Security Checks	critical
240735	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox (SUSE-SU-2025:02122-1)	Nessus	SuSE Local Security Checks	critical
240713	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2025:02123-1)	Nessus	SuSE Local Security Checks	critical
240629	Fedora 41 : firefox (2025-1605ec3e86)	Nessus	Fedora Local Security Checks	critical
240515	Fedora 42 : firefox (2025-6bffc34b8d)	Nessus	Fedora Local Security Checks	high
240489	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2025-175-02)	Nessus	Slackware Local Security Checks	high
240336	Mozilla Firefox ESR < 128.12	Nessus	MacOS X Local Security Checks	critical
240335	Mozilla Firefox ESR < 128.12	Nessus	Windows	critical
240334	Mozilla Firefox < 140.0	Nessus	Windows	critical
240333	Mozilla Firefox < 140.0	Nessus	MacOS X Local Security Checks	critical

Detections

Analytics

CVE-2025-6426

high

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

high

high

critical

critical

critical

critical