Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash..This issue affects neqo: from 0.4.24 through 0.13.2.

The version of thunderbird installed on the remote host is prior to 140.2.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2999 advisory.

    Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash..This issue     affects neqo: from 0.4.24 through 0.13.2. (CVE-2025-6703)

    An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This     process is also heavily sandboxed, but represents slightly different privileges from the content process.
    This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2,     Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. (CVE-2025-9179)

    'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142,     Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14,     and Thunderbird < 140.2. (CVE-2025-9180)

    Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox     ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
    (CVE-2025-9181)

    Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR     140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14,     Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. (CVE-2025-9185)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of firefox installed on the remote host is prior to 140.2.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-042 advisory.

    Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash..This issue     affects neqo: from 0.4.24 through 0.13.2. (CVE-2025-6703)

    An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This     process is also heavily sandboxed, but represents slightly different privileges from the content process.
    This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2,     Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. (CVE-2025-9179)

    'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142,     Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14,     and Thunderbird < 140.2. (CVE-2025-9180)

    Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox     ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
    (CVE-2025-9181)

    Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR     140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14,     Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. (CVE-2025-9185)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1171 advisory.

    Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash..This issue     affects neqo: from 0.4.24 through 0.13.2. (CVE-2025-6703)

    An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This     process is also heavily sandboxed, but represents slightly different privileges from the content process.
    This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2,     Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. (CVE-2025-9179)

    'Same-origin policy bypass in the Graphics: Canvas2D component.' This vulnerability affects Firefox < 142,     Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14,     and Thunderbird < 140.2. (CVE-2025-9180)

    Uninitialized memory in the JavaScript Engine component. This vulnerability affects Firefox < 142, Firefox     ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
    (CVE-2025-9181)

    'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' This vulnerability affects     Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2. (CVE-2025-9182)

    Spoofing issue in the Address Bar component. This vulnerability affects Firefox < 142 and Firefox ESR <     140.2. (CVE-2025-9183)

    Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141.
    Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of     these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox     ESR < 140.2, Thunderbird < 142, and Thunderbird < 140.2. (CVE-2025-9184)

    Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR     140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14,     Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. (CVE-2025-9185)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash..This issue     affects neqo: from 0.4.24 through 0.13.2. (CVE-2025-6703)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
265081	Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-2999 (ALAS-2025-2999)	Nessus	Amazon Linux Local Security Checks	low
265072	Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2025-042 (ALASFIREFOX-2025-042)	Nessus	Amazon Linux Local Security Checks	low
261736	Amazon Linux 2023 : firefox (ALAS2023-2025-1171)	Nessus	Amazon Linux Local Security Checks	low
260288	Linux Distros Unpatched Vulnerability : CVE-2025-6703	Nessus	Misc.	low

Detections

Analytics

CVE-2025-6703

low

Tenable Plugins

low

low

low

low