It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-976 advisory.

    An issue in sqlite v.3.49.0 allows an attacker to cause a denial of service via the     SQLITE_DBCONFIG_LOOKASIDE component (CVE-2025-29088)

    A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which     could allow content to execute in the top-level document's process instead of the intended frame,     potentially enabling a sandbox escape. This vulnerability affects Firefox < 138, Firefox ESR < 128.10,     Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10. (CVE-2025-4083)

    A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to     missing null checks during attribute access. This could lead to out-of-bounds read access and potentially,     memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and     Thunderbird < 128.10. (CVE-2025-4087)

    Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR <     128.10, Thunderbird < 138, and Thunderbird < 128.10. (CVE-2025-4091)

    Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory     corruption and we presume that with enough effort this could have been exploited to run arbitrary code.
    This vulnerability affects Firefox ESR < 128.10 and Thunderbird < 128.10. (CVE-2025-4093)

    Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of     service via the setupLookaside function (CVE-2025-52099)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2023 : firefox (ALAS2023-2025-976)

medium Nessus Plugin ID 237666

Version 1.2