Risk | High |
Patch available | YES |
Number of vulnerabilities | 9 |
CVE-ID | CVE-2025-1009 CVE-2025-1010 CVE-2025-1011 CVE-2025-1012 CVE-2024-11704 CVE-2025-1013 CVE-2025-1014 CVE-2025-1016 CVE-2025-1017 |
CWE-ID | CWE-416 CWE-94 CWE-415 CWE-362 CWE-295 CWE-119 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Slackware Linux Operating systems & Components / Operating system mozilla-firefox Operating systems & Components / Operating system package or component |
Vendor | Slackware |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
EUVDB-ID: #VU103604
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1009
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when handling XSLT data. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package mozilla-firefox.
Vulnerable software versionsSlackware Linux: 15.0
mozilla-firefox: before 128.7.0esr
CPE2.3http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.395681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103605
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1010
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The
vulnerability exists due to a use-after-free error in Custom Highlight API. A remote attacker can trick the victim into visiting a specially
crafted website and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package mozilla-firefox.
Vulnerable software versionsSlackware Linux: 15.0
mozilla-firefox: before 128.7.0esr
CPE2.3http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.395681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103608
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1011
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation during WebAssembly code generation. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package mozilla-firefox.
Vulnerable software versionsSlackware Linux: 15.0
mozilla-firefox: before 128.7.0esr
CPE2.3http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.395681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103606
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1012
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The
vulnerability exists due to a use-after-free error during concurrent delazification. A remote attacker can trick the victim into visiting a specially
crafted website and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package mozilla-firefox.
Vulnerable software versionsSlackware Linux: 15.0
mozilla-firefox: before 128.7.0esr
CPE2.3http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.395681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100964
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-11704
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the sec_pkcs7_decoder_start_decrypt() function. A remote attacker can trick the victim into connecting to a specially crafted website, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package mozilla-firefox.
Vulnerable software versionsSlackware Linux: 15.0
mozilla-firefox: before 128.7.0esr
CPE2.3http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.395681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103609
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-1013
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a race condition when opening private browsing tabs. A remote attacker can force the browser to open private browsing tabs in normal browsing windows and gain access to sensitive information.
Update the affected package mozilla-firefox.
Vulnerable software versionsSlackware Linux: 15.0
mozilla-firefox: before 128.7.0esr
CPE2.3http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.395681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103610
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-1014
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain bypass implemented security restrictions.
The vulnerability exists due to improper certificate validation when adding certificates to a store. Firefox did not check certificate length, resulting only in trusted data being checked. A remote attacker can trick the victim into importing a malicious certificate into the certificate store and perform MitM attack.
Update the affected package mozilla-firefox.
Vulnerable software versionsSlackware Linux: 15.0
mozilla-firefox: before 128.7.0esr
CPE2.3http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.395681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103607
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1016
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package mozilla-firefox.
Vulnerable software versionsSlackware Linux: 15.0
mozilla-firefox: before 128.7.0esr
CPE2.3http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.395681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU103611
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-1017
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package mozilla-firefox.
Vulnerable software versionsSlackware Linux: 15.0
mozilla-firefox: before 128.7.0esr
CPE2.3http://www.slackware.com/security/viewer.php?l=slackware-security&y=2025&m=slackware-security.395681
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.