- Description
- JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.
- Source
- security@mozilla.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-416
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
[SECURITY] [DSA 5891-1] thunderbird security update CVE-2025-3028 CVE-2025-3029 CVE-2025-3030 Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code https://t.co/nWEpNA5pct
@_CYOPS
4 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
(CVE-2025-3028)[1941002]JS code running while transforming a document with the XSLTProcessor - > ... -> UAF https://t.co/CL19AjflTh https://t.co/ydaCtWGCRX https://t.co/A23expdiHf https://t.co/TiF0rFtMl2 @ifsecure
@xvonfers
2 Apr 2025
1615 Impressions
4 Retweets
15 Likes
7 Bookmarks
0 Replies
0 Quotes
CVE-2025-3028 Use-After-Free Vulnerability in Mozilla Firefox and Thunderbird JavaScript XSLTProcessor https://t.co/jfB9zZ5zlz
@VulmonFeeds
1 Apr 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes