Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-6424

Опубликовано: 24 июн. 2025
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A use-after-free in FontFaceSet resulted in a potentially exploitable crash.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10rhel10/firefox-flatpakAffected
Red Hat Enterprise Linux 10rhel10/thunderbird-flatpakAffected
Red Hat Enterprise Linux 6firefoxOut of support scope
Red Hat Enterprise Linux 6thunderbirdOut of support scope
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 10firefoxFixedRHSA-2025:1007301.07.2025
Red Hat Enterprise Linux 10thunderbirdFixedRHSA-2025:1019502.07.2025
Red Hat Enterprise Linux 7 Extended Lifecycle SupportfirefoxFixedRHSA-2025:1018102.07.2025
Red Hat Enterprise Linux 8firefoxFixedRHSA-2025:1007401.07.2025
Red Hat Enterprise Linux 8thunderbirdFixedRHSA-2025:1024602.07.2025

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2374559firefox: thunderbird: Use-after-free in FontFaceSet

EPSS

Процентиль: 27%
0.00092
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-6424

CVSS3: 9.8
ubuntu
27 дней назад

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

nvd логотип

CVE-2025-6424

CVSS3: 9.8
nvd
27 дней назад

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

debian логотип

CVE-2025-6424

CVSS3: 9.8
debian
27 дней назад

A use-after-free in FontFaceSet resulted in a potentially exploitable ...

github логотип

GHSA-87c4-94w2-rw7j

CVSS3: 9.8
github
25 дней назад

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.

fstec логотип

BDU:2025-07723

CVSS3: 5.3
fstec
28 дней назад

Уязвимость интерфейса FontFaceSet браузеров Mozilla Firefox, Firefox ESR, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 27%
0.00092
Низкий

7.5 High

CVSS3