Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e689575030 advisory.

    - Updated to new upstream release (142.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 142.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-64 advisory.

  - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR     140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2025-9185)

  - An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This     process is also heavily sandboxed, but represents slightly different privileges from the content process.
    (CVE-2025-9179)

  - 'Same-origin policy bypass in the Graphics: Canvas2D component.' (CVE-2025-9180)

  - Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181)

  - Spoofing issue in the Address Bar component of Firefox Focus for Android. (CVE-2025-9186)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 142.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-64 advisory.

  - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR     140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2025-9185)

  - An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This     process is also heavily sandboxed, but represents slightly different privileges from the content process.
    (CVE-2025-9179)

  - 'Same-origin policy bypass in the Graphics: Canvas2D component.' (CVE-2025-9180)

  - Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181)

  - Spoofing issue in the Address Bar component of Firefox Focus for Android. (CVE-2025-9186)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 142.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-70 advisory.

  - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR     140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2025-9185)

  - An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This     process is also heavily sandboxed, but represents slightly different privileges from the content process.
    (CVE-2025-9179)

  - 'Same-origin policy bypass in the Graphics: Canvas2D component.' (CVE-2025-9180)

  - Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181)

  - 'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' (CVE-2025-9182)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 142.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-70 advisory.

  - Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR     140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2025-9185)

  - An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This     process is also heavily sandboxed, but represents slightly different privileges from the content process.
    (CVE-2025-9179)

  - 'Same-origin policy bypass in the Graphics: Canvas2D component.' (CVE-2025-9180)

  - Uninitialized memory in the JavaScript Engine component. (CVE-2025-9181)

  - 'Denial-of-service due to out-of-memory in the Graphics: WebRender component.' (CVE-2025-9182)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
252914	Fedora 42 : firefox (2025-e689575030)	Nessus	Fedora Local Security Checks	high
252321	Mozilla Firefox < 142.0	Nessus	Windows	high
252320	Mozilla Firefox < 142.0	Nessus	MacOS X Local Security Checks	high
252313	Mozilla Thunderbird < 142.0	Nessus	MacOS X Local Security Checks	high
252312	Mozilla Thunderbird < 142.0	Nessus	Windows	high

Detections

Analytics

CVE-2025-9187

critical

Tenable Plugins

high

high

high

high

high