openEuler 22.03 LTS SP4 update for firefox

1) Resource management error

EUVDB-ID: #VU65798

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-36315

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the cache preload. When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information Exposure Through Timing Discrepancy

EUVDB-ID: #VU65799

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-36316

CWE-ID: CWE-208 - Information Exposure Through Timing Discrepancy

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the way Performance API handles cross-site redirects. A remote attacker can observe differences between PerformanceEntries and learn whether the target URL had been subject to a redirect.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU66722

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-38475

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security mechanisms.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can write a value in a zero-length JavaScript array.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Information disclosure

EUVDB-ID: #VU69332

Risk: Low

CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-45417

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to Service Workers do not detect Private Browsing Mode correctly in all cases, resulting in data being written to disk for websites visited in Private Browsing Mode. A local user can gain access to potentially sensitive information.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Security features bypass

EUVDB-ID: #VU69334

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-45419

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the way Firefox handles deletion of a security exception granted for an invalid TLS certificate. If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer overflow

EUVDB-ID: #VU70155

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-46879

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU105843

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2022-46883

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Prototype pollution

EUVDB-ID: #VU72259

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-25731

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary JavaScrpit code on the target system.

The vulnerability exists due to URL previews in the network panel of developer tools improperly store URLs. A remote attacker can use query parameters to overwrite global objects in privileged code when rendering URLPreview and perform prototype pollution.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU72260

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-25733

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in TaskbarPreviewCallback when processing data returned from gfx::SourceSurfaceSkia::Map(). A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Type conversion

EUVDB-ID: #VU72261

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-25736

CWE-ID: CWE-704 - Type conversion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an invalid downcast from nsHTMLDocument to nsIContent in GetTableSelectionMode. A remote attacker can crash the browser.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Information disclosure

EUVDB-ID: #VU73678

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-25750

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to an unspecified error, which can cause the ServiceWorker's offline cache to be leaked to the file system when using private browsing mode. As a result, an attacker can gain unauthorized access to sensitive information on the system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Information disclosure

EUVDB-ID: #VU73679

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-28160

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to browser translates the URL to the actual local path when following a redirect to a publicly accessible web extension file. A remote attacker can gain unauthorized access to sensitive information on the system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU73681

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-28177

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Race condition

EUVDB-ID: #VU74827

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-29537

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to multiple race conditions in font initialization code. A remote attacker can trick the victim into visiting a malicious website, trigger a race condition and execute arbitrary code

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) File and directory information exposure

EUVDB-ID: #VU74828

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-29538

CWE-ID: CWE-538 - File And Directory Information Exposure

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the way WebExtension handles the "jar:file:///" URI during the request load. A remote attacker can obtain directory paths on the user's machine.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Security features bypass

EUVDB-ID: #VU74830

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-29540

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect processing of iframes. A remote attacker can use a redirect embedded into sourceMappingUrls to allow navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Spoofing attack

EUVDB-ID: #VU74837

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-29547

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to insecure handling of cookies in Firefox cookie jar. When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Security features bypass

EUVDB-ID: #VU74839

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-29549

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to an error in JavaScript bind functionality. Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Information disclosure

EUVDB-ID: #VU75877

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-32208

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to Firefox leaks the script base URL in service workers due to dynamic import() call. A remote attacker can access to sensitive information.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource exhaustion

EUVDB-ID: #VU75878

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-32209

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing favicon image. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU75879

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-32210

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to documents incorrectly assume an ordering of principal objects. A remote attacker can cause a document to be loaded with a higher privileged principal than intended.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Security features bypass

EUVDB-ID: #VU77003

Risk: Medium

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-34415

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the way Firefox loads documents from a "data:" URL that was the result of a redirect. A remote attacker can trick the victim to open a specially crafted URL and bypass site-isolation protections against Spectre-like attacks.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Buffer overflow

EUVDB-ID: #VU77005

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-34417

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Security features bypass

EUVDB-ID: #VU77945

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-3482

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when Firefox is configured to block storage of all cookies. It is still possible to store data in localstorage by using an iframe with a source of 'about:blank'. A remote attacker can abuse such behavior to store tracking data without victim's permission.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU78067

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-3600

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error during the worker lifecycle when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Input validation error

EUVDB-ID: #VU77946

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37203

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation in the Drag and Drop API. A remote attacker trick the victim into creating a shortcut to local system files and leverage the Drag and Drop API behavior to execute arbitrary code.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU77947

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37204

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Spoofing attack

EUVDB-ID: #VU77948

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-37205

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data when processing RTL Arabic characters in the address bar. A remote attacker can spoof URL in the address bar.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) UNIX symbolic link following

EUVDB-ID: #VU77949

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-37206

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a symlink following issue in the FileSystem API. A remote attacker can trick the victim into uploading a file, which contain a symlink to a critical file, and gain access to potentially sensitive information.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU77950

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-37209

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in NotifyOnHistoryReload. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU77951

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-37210

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Buffer overflow

EUVDB-ID: #VU77952

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-37212

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim to visit a malicious website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU78851

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4051

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error when displaying the full screen notification by using the file open dialog. A remote attacker can trick the victim into clocking on the file open dialog and perform spoofing attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU78853

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4053

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due an error when handling full screen notifications. A malicious website can obscure the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL, and perform spoofing attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Buffer overflow

EUVDB-ID: #VU78858

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-4058

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into opening a specially crafted web page, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Buffer overflow

EUVDB-ID: #VU80097

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-4577

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in JIT UpdateRegExpStatics when UpdateRegExpStatics attempted to access initialStringHeap. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Resource exhaustion

EUVDB-ID: #VU80098

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-4578

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in JS::CheckRegExpSyntax. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Input validation error

EUVDB-ID: #VU80096

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-4579

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling persistent search terms. Search queries in the default search engine can appear to have been the currently navigated URL if the search query itself is a well formed URL. As a result, a remote attacker can perform a spoofing attack if it had been maliciously set as the default search engine.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Cleartext storage of sensitive information

EUVDB-ID: #VU80099

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4580

CWE-ID: CWE-312 - Cleartext Storage of Sensitive Information

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to push notifications are saved to disk unencrypted. A local user can gain access to potentially sensitive information.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Buffer overflow

EUVDB-ID: #VU80100

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-4582

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebGL glGetProgramiv. A remote attacker can trick the victim to open a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Note, the vulnerability affects only Firefox installations on macOS.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Information disclosure

EUVDB-ID: #VU80101

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-4583

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to private session data are not cleared in HttpBaseChannel when closing private window. A remote attacker can obtain information from the not cleared session.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Buffer overflow

EUVDB-ID: #VU80102

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-4585

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Out-of-bounds write

EUVDB-ID: #VU81126

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-5169

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in PathOps. A remote attacker can create a specially crafted website, trick the victim into opening, trigger an out-of-bounds write and execute arbitrary code on the target system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Memory leak

EUVDB-ID: #VU81130

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-5170

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due memory leak during canvas rendering. A remote attacker can trick the victim to visit a specially crafted webpage, trigger memory leak of a privileged process by unexpectedly changing the surface and gain access to potentially sensitive information. This memory leak could be used to effect a sandbox escape if the correct data was leaked.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Use-after-free

EUVDB-ID: #VU81127

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-5171

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error during Ion compilation. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a use after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Use-after-free

EUVDB-ID: #VU81131

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-5172

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in Ion Engine. A remote attacker can trick the victim to open a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Out-of-bounds write

EUVDB-ID: #VU81132

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-5173

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trick the victim to open a specially crafted HTML file to trigger an out-of-bounds write and execute arbitrary code on the target system.

The vulnerability affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (network.http.altsvc.oe) is enabled.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Use-after-free

EUVDB-ID: #VU81133

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-5175

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free ImageBitmap during process shutdown. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Buffer overflow

EUVDB-ID: #VU81129

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-5176

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Covert timing channel

EUVDB-ID: #VU85267

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-5388

CWE-ID: CWE-385 - Covert Timing Channel

Exploit availability: No

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to insufficient fix for #VU84108 (CVE-2023-4421). A remote attacker can perform Marvin attack and gain access to sensitive information.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Spoofing attack

EUVDB-ID: #VU82337

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-5721

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of queued up rendering. A remote attacker can perform spoofing attack by activating or dismissing certain browser prompts and dialogs.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Information disclosure

EUVDB-ID: #VU82345

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-5722

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to cross-origin size and header leakage. A remote attacker can learn the size of an opaque response using iterative requests.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Input validation error

EUVDB-ID: #VU82346

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-5723

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling invalid cookie characters. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Resource management error

EUVDB-ID: #VU82339

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-5724

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources in WebGL. A remote attacker can trick the victim to open a specially crafted website and perform a denial of service (DoS) attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU82340

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-5725

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a malicious extension to bypass implemented security restrictions.

The vulnerability exists due to improperly imposed security restrictions in WebExtension, which can open arbitrary URLs. A malicious extension can collect sensitive user data.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Buffer overflow

EUVDB-ID: #VU82343

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-5728

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper object tracking during garbage collection. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Spoofing attack

EUVDB-ID: #VU82347

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-5729

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Buffer overflow

EUVDB-ID: #VU82344

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-5730

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Buffer overflow

EUVDB-ID: #VU82348

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-5731

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Spoofing attack

EUVDB-ID: #VU82338

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-5732

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data when handling bidirectional characters. A remote attacker can spoof the browser address bar.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Out-of-bounds write

EUVDB-ID: #VU83367

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-6204

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing HTML content in in WebGL2 blitFramebuffer. A remote attacker can trick the victim ti visit a specially crafted website, trigger an out-of-bounds write and execute arbitrary code on the target system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use-after-free

EUVDB-ID: #VU83368

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-6205

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the MessagePort::Entangled() method. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Multiple Interpretations of UI Input

EUVDB-ID: #VU83369

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-6206

CWE-ID: CWE-450 - Multiple Interpretations of UI Input

Exploit availability: No

The vulnerability allows a remote attacker to perform clickjacking attack.

The vulnerability exists due to the black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. A remote attacker can perform clickjacking attack and trick the victim into pressing the permissions grant button.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Use-after-free

EUVDB-ID: #VU84561

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-6859

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in PR_GetIdentitiesLayer when creating the TLS socket. A remote attacker can trick the victim to visit a specially crafted website and crash the browser.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Security features bypass

EUVDB-ID: #VU84562

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-6860

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to VideoBridge lack of texture validation. A remote attacker can trick the victim to open a specially crafted website, escape the sandbox and gain access to sensitive information.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Reliance on undefined behavior

EUVDB-ID: #VU84566

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-6863

CWE-ID: CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to reliance on undefined behavior in ShutdownObserver(). A remote attacker can crash the browser.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper handling of exceptional conditions

EUVDB-ID: #VU84569

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-6866

CWE-ID: CWE-755 - Improper Handling of Exceptional Conditions

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of errors in TypedArrays. A remote attacker can trick the victim to open a specially crafted website and perform a denial of service (DoS) attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Multiple Interpretations of UI Input

EUVDB-ID: #VU84571

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-6869

CWE-ID: CWE-450 - Multiple Interpretations of UI Input

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error when displaying browser content. A <dialog> element can be manipulated to paint content outside of a sandboxed iframe, which could allow untrusted content to display under the guise of trusted content.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Unchecked Return Value

EUVDB-ID: #VU85709

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-0743

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an unchecked return value in TLS handshake code in NSS TLS method. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU85714

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-0748

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to application does not properly impose security restrictions. A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Resource management error

EUVDB-ID: #VU85720

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-0754

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources when handling WASM source files. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU99480

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-10458

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to a permission leak via embed or object elements. A remote attacker can create a specially crafted webpage that embeds a trusted website and force the browser to inherit permissions from this trusted website.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Use-after-free

EUVDB-ID: #VU99481

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-10459

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in layout with accessibility. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU99484

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-10460

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the origin of an external protocol handler prompt can be obscured using a "data:" URL within an iframe. A remote attacker can perform spoofing attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Universal cross-site scripting

EUVDB-ID: #VU99485

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-10461

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when handling multipart/x-mixed-replace responses. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of any website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Spoofing attack

EUVDB-ID: #VU99486

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-10462

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to the browser truncates long URLs when displaying origin of permission prompt. A remote attacker can perform a spoofing attack by providing an overly long URL that looks like a trusted domain name.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Information disclosure

EUVDB-ID: #VU99482

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-10463

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a cross-origin video frame leak. A remote attacker can trick the victim into visiting a specially crafted website and access video frames cross-origin from a different browser tab.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Resource management error

EUVDB-ID: #VU99487

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-10464

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to repeated writes to history interface attributes. A remote attacker can crash the browser.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Insufficient UI Warning of Dangerous Operations

EUVDB-ID: #VU99488

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-10465

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to a clipboard "paste" button persists across different tabs. A remote attacker can trick the victim into pasting content into a malicious tab.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Resource management error

EUVDB-ID: #VU99489

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-10466

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when handling DOM push subscriptions. A remote attacker can send specially crafted data to the browser and crash it.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Buffer overflow

EUVDB-ID: #VU99490

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-10467

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Input validation error

EUVDB-ID: #VU105828

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-10941

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when handling an iframe with a malformed URI. A remote attacker can trick the victim into opening a specially crafted web page and crash the browser.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Spoofing attack

EUVDB-ID: #VU86638

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-1547

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can use a series of API calls and redirects to display an attacker-controlled alert dialog on another website (with the victim website's URL shown).

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Spoofing attack

EUVDB-ID: #VU86639

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-1548

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can hide the fullscreen notification by using a dropdown select input element.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Spoofing attack

EUVDB-ID: #VU86640

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-1549

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can use a malicious website to set a large custom cursor, portions of the which can overlap with the permission dialog, potentially resulting in user confusion and unexpected granted permissions.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Spoofing attack

EUVDB-ID: #VU86641

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-1550

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data. A remote attacker can use a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Input validation error

EUVDB-ID: #VU86642

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-1551

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input when processing Set-Cookie response headers in multipart HTTP responses. A remote attacker who controls the Content-Type response header and part of the response body can inject Set-Cookie response headers that are honored by the browser.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Buffer overflow

EUVDB-ID: #VU86644

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-1553

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Resource management error

EUVDB-ID: #VU86645

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-1554

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a remote attacker to poison browser cache.

The vulnerability exists due to the fetch() API and navigation incorrectly share the same cache, as the cache key does not include the optional headers the fetch() API may contain. A remote attacker can poison the local browser cache by priming it with a fetch() response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Security features bypass

EUVDB-ID: #VU86646

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-1555

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to browser does not properly respect SameSite cookies when the website is opened using the "firefox://" protocol handler. A remote attacker can bypass implemented security restrictions and gain access to sensitive information.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Release of invalid pointer or reference

EUVDB-ID: #VU86647

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-1556

CWE-ID: CWE-763 - Release of invalid pointer or reference

Exploit availability: No

The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to invalid memory access when the profiler is running in the browser. A remote attacker can trick the victim to visit a specially crafted website and crash the browser.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Buffer overflow

EUVDB-ID: #VU86648

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-1557

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Input validation error

EUVDB-ID: #VU87630

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-2606

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect processing of WASM register values, which leads to arbitrary integers turning into pointer values. A remote attacker can execute arbitrary code on the system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Buffer overflow

EUVDB-ID: #VU87631

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-2607

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the JIT code fails to save return registers on Armv7-A systems. A remote attacker can execute arbitrary code on the system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Integer overflow

EUVDB-ID: #VU87639

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-2608

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding() and AppendEncodedCharacters() function. A remote attacker can trick the victim to visit a specially crafted website, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Multiple Interpretations of UI Input

EUVDB-ID: #VU87640

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-2609

CWE-ID: CWE-450 - Multiple Interpretations of UI Input

Exploit availability: No

The vulnerability allows a remote attacker to perform clickjacking attack.

The vulnerability exists due to the permission prompt input delay can expire while the window is not in focus. A remote attacker can trick the victim to visit a specially crafted website and perform a clickjacking attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Security features bypass

EUVDB-ID: #VU87643

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-2610

CWE-ID: CWE-254 - Security Features

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when handling HTML code. A remote attacker with ability to inject HTML code into the page (e.g. using an XSS vulnerability) can obtain CSP nonce and bypass strict content security policies.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Multiple Interpretations of UI Input

EUVDB-ID: #VU87644

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-2611

CWE-ID: CWE-450 - Multiple Interpretations of UI Input

Exploit availability: No

The vulnerability allows a remote attacker to perform clickjacking attack.

The vulnerability exists due to a missing delay on the pointer lock. A remote attacker can trick the victim to visit a specially crafted website and perform a clickjacking attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Use-after-free

EUVDB-ID: #VU87645

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-2612

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website to trigger a particular code path in SafeRefPtr and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Resource exhaustion

EUVDB-ID: #VU87641

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-2613

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of data when decoding a QUIC ACK frame. A remote attacker can trick the victim to visit a specially crafted website and consume excessive memory resources.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Buffer overflow

EUVDB-ID: #VU87646

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-2614

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted webpage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Buffer overflow

EUVDB-ID: #VU87642

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-2615

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML input. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Resource exhaustion

EUVDB-ID: #VU87647

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-2616

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Out-of-bounds write

EUVDB-ID: #VU87735

Risk: High

CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2024-29943

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to an error during range-based bounds check elimination when processing JavaScript objects. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

105) Code Injection

EUVDB-ID: #VU87736

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-29944

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker can send trick the victim to visit a specially crafted website, inject an event handler into a privileged object and execute arbitrary JavaScript on the system within the parent process.

Successful exploitation of the vulnerability may allow remote code execution.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Resource exhaustion

EUVDB-ID: #VU88652

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-3302

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling HTTP/2 CONTINUATION frames. A remote attacker can trick the victim to visit a specially crated website and perform a denial of service (DoS) attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU88579

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-3852

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to GetBoundName can return the wrong version of an object when JIT optimizations were applied. A remote attacker can abuse such behavior to execute arbitrary code on the system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Use-after-free

EUVDB-ID: #VU88654

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-3853

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU88580

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-3854

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect optimization, when some code patterns in the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. A remote attacker can abuse such behavior to execute arbitrary code on the system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU88655

Risk: Medium

CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-3855

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to JIT incorrectly optimized MSubstr operations. A remote attacker can trick the victim to visit a specially crafted website, trigger an out-of-bounds read and potentially compromise the affected system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Use-after-free

EUVDB-ID: #VU88656

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-3856

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error during WASM garbage collection. A remote attacker can trick the victim to visit a specially crafted website and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Processor optimization removal or modification of security-critical code

EUVDB-ID: #VU88581

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-3857

CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code

Exploit availability: No

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to incorrect optimization when JIT created incorrect code for arguments in certain cases. A remote attacker can abuse such behavior to execute arbitrary code on the system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Buffer overflow

EUVDB-ID: #VU88657

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-3858

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to a boundary error when processing JavaScript. A remote attacker can mutate a JavaScript object so that the JIT could crash while tracing it.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Integer overflow

EUVDB-ID: #VU88582

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-3859

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to integer overflow when handling OpenType fonts. A remote attacker can trick the victim to visit a specially crafted website and gain access to sensitive information.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Resource exhaustion

EUVDB-ID: #VU88658

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-3860

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when tracing empty shape lists. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Use-after-free

EUVDB-ID: #VU88631

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-3861

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to a use-after-free error. If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Access of uninitialized pointer

EUVDB-ID: #VU88659

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-3862

CWE-ID: CWE-824 - Access of Uninitialized Pointer

Exploit availability: No

The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to usage of uninitialized memory in MarkStack assignment operator. A remote attacker can trick the victim to visit the website and crash the browser.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Buffer overflow

EUVDB-ID: #VU88653

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-3864

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim to open a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) Buffer overflow

EUVDB-ID: #VU88660

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-3865

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Improper input validation

EUVDB-ID: #VU101165

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43097

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Type Confusion

EUVDB-ID: #VU89537

Risk: High

CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2024-4367

CWE-ID: CWE-843 - Type confusion

Exploit availability: Yes

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when handling fonts in PDF.js. A remote attacker can trick the victim to visit a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

122) Use-after-free

EUVDB-ID: #VU89550

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-4764

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when handling newly connected audio input via multiple WebRTC threads. A remote attacker can trick the victim to open a specially crafted website and execute arbitrary code on the system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Resource management error

EUVDB-ID: #VU89538

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-4767

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to browser does not delete IndexedDB files after browser window is closed if the `browser.privatebrowsing.autostart` preference is enabled. A local user can view the file and gain access to data browsed in private browsing mode.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Insufficient UI warning of dangerous operations

EUVDB-ID: #VU89540

Risk: Medium

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-4768

CWE-ID: CWE-357 - Insufficient UI Warning of Dangerous Operations

Exploit availability: No

The vulnerability allows a remote attacker to perform clickjacking attack.

The vulnerability exists due to an error in the popup notifications' interaction with WebAuthn. A remote attacker can trick the victim into granting permissions to a malicious web application.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Information Exposure Through an Error Message

EUVDB-ID: #VU89547

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-4769

CWE-ID: CWE-209 - Information Exposure Through an Error Message

Exploit availability: No

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to browser issues different error messages for application/javascript responses and non-script responses when importing resources using Web Workers. A remote attacker can trick the victim to visit a specially crafted website and learn information cross-origin

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Use-after-free

EUVDB-ID: #VU89548

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-4770

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to a use-after-free error when saving a page to PDF. A remote attacker can trick the victim to save a specially crafted web page to PDF and crash the browser.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Use-after-free

EUVDB-ID: #VU89553

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-4771

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Predictable Seed in Pseudo-Random Number Generator (PRNG)

EUVDB-ID: #VU89554

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-4772

CWE-ID: CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)

Exploit availability: No

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to Firefox uses an insecure rand() function to generate nonce for HTTP digest authentication. A remote attacker can guess nonce and potentially gain unauthorized access to the victim's session.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Spoofing attack

EUVDB-ID: #VU89555

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-4773

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect handling of network errors during page load, which could lead to the prior content to remain in view with a blank URL bar. A remote attacker can perform spoofing attack.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Buffer overflow

EUVDB-ID: #VU89557

Risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-4775

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a remote attacker to perform DoS attack.

The vulnerability exists due to a boundary error when handling WASM code in the built-in profiler. A remote attacker can trick the victim to visit a specially crafted website and crash the browser.

Note, this issue only affects the application when the profiler is running.

Install updates from vendor's repository.

openEuler: 22.03 LTS SP4

firefox-debugsource: before 128.8.0-1

firefox-debuginfo: before 128.8.0-1

firefox: before 128.8.0-1

• cpe:2.3:o:openeuler:openeuler:22.03:LTS SP4:*:*:*:*:*:*
• cpe:2.3:a:openeuler:firefox-debugsource:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox-debuginfo:*:*:*:*:*:openeuler:*:*
• cpe:2.3:a:openeuler:firefox:*:*:*:*:*:openeuler:*:*

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1265

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.