Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-0241

Опубликовано: 07 янв. 2025
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 9firefox:flatpak/firefoxAffected
Red Hat Enterprise Linux 9thunderbird:flatpak/thunderbirdAffected
Red Hat Enterprise Linux 7 Extended Lifecycle SupportfirefoxFixedRHSA-2025:013209.01.2025
Red Hat Enterprise Linux 8firefoxFixedRHSA-2025:014409.01.2025
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2025:028113.01.2025
Red Hat Enterprise Linux 8.2 Advanced Update SupportfirefoxFixedRHSA-2025:013309.01.2025
Red Hat Enterprise Linux 8.2 Advanced Update SupportthunderbirdFixedRHSA-2025:028613.01.2025

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-119
https://bugzilla.redhat.com/show_bug.cgi?id=2336168firefox: Memory corruption when using JavaScript Text Segmentation

EPSS

Процентиль: 38%
0.00159
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVSS3: 7.7
ubuntu
5 месяцев назад

When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 7.7
nvd
5 месяцев назад

When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6.

CVSS3: 7.7
debian
5 месяцев назад

When segmenting specially crafted text, segmentation would corrupt mem ...

CVSS3: 7.7
github
5 месяцев назад

When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134 and Firefox ESR < 128.6.

CVSS3: 6.5
fstec
5 месяцев назад

Уязвимость браузеров Mozilla Firefox, Firefox ESR и почтовых клиентов Thunderbird, Thunderbird ESR, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 38%
0.00159
Низкий

6.5 Medium

CVSS3