FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mozilla -- privilege escalation attack

Affected packages
firefox < 134.0,2
librewolf < 134.0
firefox-esr < 128.6.0
thunderbird < 128.6

Details

VuXML ID ea51e89a-116c-11f0-8b2c-b42e991fc52e
Discovery 2025-01-07
Entry 2025-04-04

security@mozilla.org reports:

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks.

References

CVE Name CVE-2025-0237
URL https://nvd.nist.gov/vuln/detail/CVE-2025-0237