- Description
- JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.
- Source
- security@mozilla.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-416
- Hype score
- Not currently trending
CVE-2025-3028 JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115… https://t.co/iPImGLt0uL
@CVEnew
5 Apr 2025
294 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[SECURITY] [DSA 5891-1] thunderbird security update CVE-2025-3028 CVE-2025-3029 CVE-2025-3030 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code https://t.co/nWEpNA5pct
@_CYOPS
4 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
(CVE-2025-3028)[1941002]JS code running while transforming a document with the XSLTProcessor - > ... -> UAF https://t.co/CL19AjflTh https://t.co/ydaCtWGCRX https://t.co/A23expdiHf https://t.co/TiF0rFtMl2 @ifsecure
@xvonfers
2 Apr 2025
1615 Impressions
4 Retweets
15 Likes
7 Bookmarks
0 Replies
0 Quotes
CVE-2025-3028 Use-After-Free Vulnerability in Mozilla Firefox and Thunderbird JavaScript XSLTProcessor https://t.co/jfB9zZ5zlz
@VulmonFeeds
1 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC27CD34-8D27-4797-95BD-A0D419FCD7C1",
"versionEndExcluding": "115.22.0"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A6CBADD8-E865-41B5-BDDD-1572F97D5176",
"versionEndExcluding": "137.0"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"vulnerable": true,
"matchCriteriaId": "108709F8-F3C5-4985-B1FA-A569734D4EDF",
"versionEndExcluding": "128.9.0",
"versionStartIncluding": "116.0"
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "547865A8-58DA-4716-A4E0-43597E1C8091",
"versionEndExcluding": "128.9.0"
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D68021EC-F934-4037-8888-FAFBB3364166",
"versionEndIncluding": "137.0",
"versionStartIncluding": "129.0"
}
],
"operator": "OR"
}
]
}
]