CVE-2025-4085

Опубликовано: 29 апр. 2025

Источник: redhat

CVSS3: 6.8

EPSS Низкий

Описание

An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	firefox	Out of support scope
Red Hat Enterprise Linux 6	thunderbird	Out of support scope
Red Hat Enterprise Linux 7	firefox	Not affected
Red Hat Enterprise Linux 7	thunderbird	Out of support scope
Red Hat Enterprise Linux 8	firefox	Not affected
Red Hat Enterprise Linux 8	thunderbird	Not affected
Red Hat Enterprise Linux 9	firefox	Not affected
Red Hat Enterprise Linux 9	firefox-flatpak-container	Not affected
Red Hat Enterprise Linux 9	thunderbird	Not affected
Red Hat Enterprise Linux 9	thunderbird-flatpak-container	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=2362905firefox: thunderbird: Potential information leakage and privilege escalation in UITour actor

EPSS

Процентиль: 9%

0.00036

Низкий

6.8 Medium

CVSS3

Связанные уязвимости

CVE-2025-4085

CVSS3: 7.1

ubuntu

около 2 месяцев назад

CVE-2025-4085

CVSS3: 7.1

nvd

около 2 месяцев назад

CVE-2025-4085

CVSS3: 7.1

debian

около 2 месяцев назад

An attacker with control over a content process could potentially leve ...

GHSA-8hvc-6h7p-6mcf

CVSS3: 7.1

github

около 2 месяцев назад

EPSS

Процентиль: 9%

0.00036

Низкий

6.8 Medium

CVSS3