Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-4085

Опубликовано: 29 апр. 2025
Источник: redhat
CVSS3: 6.8
EPSS Низкий

Описание

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10firefoxNot affected
Red Hat Enterprise Linux 10firefox-flatpak-containerNot affected
Red Hat Enterprise Linux 10thunderbirdNot affected
Red Hat Enterprise Linux 10thunderbird-flatpak-containerNot affected
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 8thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=2362905firefox: thunderbird: Potential information leakage and privilege escalation in UITour actor

EPSS

Процентиль: 41%
0.00188
Низкий

6.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-4085

CVSS3: 7.1
ubuntu
12 месяцев назад

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.

nvd логотип

CVE-2025-4085

CVSS3: 7.1
nvd
12 месяцев назад

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.

debian логотип

CVE-2025-4085

CVSS3: 7.1
debian
12 месяцев назад

An attacker with control over a content process could potentially leve ...

github логотип

GHSA-8hvc-6h7p-6mcf

CVSS3: 7.1
github
12 месяцев назад

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.

fstec логотип

BDU:2025-11979

CVSS3: 7.1
fstec
12 месяцев назад

Уязвимость веб-браузера Firefox, почтового клиента Thunderbird, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

EPSS

Процентиль: 41%
0.00188
Низкий

6.8 Medium

CVSS3