Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-3032

Опубликовано: 01 апр. 2025
Источник: redhat
CVSS3: 6.3

Описание

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10firefoxFix deferred
Red Hat Enterprise Linux 10firefox-flatpak-containerFix deferred
Red Hat Enterprise Linux 10thunderbirdFix deferred
Red Hat Enterprise Linux 10thunderbird-flatpak-containerFix deferred
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7firefoxFix deferred
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 8firefoxFix deferred
Red Hat Enterprise Linux 8thunderbirdFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-497
https://bugzilla.redhat.com/show_bug.cgi?id=2356558thunderbird: firefox: Leaking file descriptors from the fork server

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-3032

CVSS3: 7.4
ubuntu
10 месяцев назад

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.

nvd логотип

CVE-2025-3032

CVSS3: 7.4
nvd
10 месяцев назад

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.

debian логотип

CVE-2025-3032

CVSS3: 7.4
debian
10 месяцев назад

Leaking of file descriptors from the fork server to web content proces ...

github логотип

GHSA-h3xj-xc3c-cvpm

CVSS3: 7.4
github
10 месяцев назад

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.

fstec логотип

BDU:2025-07527

CVSS3: 8.1
fstec
10 месяцев назад

Уязвимость браузера Mozilla Firefox и почтового клиента Thunderbird, связанная с утечкой файлового дескриптора, позволяющая нарушителю повысить свои привилегии

6.3 Medium

CVSS3