CVE-2025-3035

CVE-2025-3035

Título es
CVE-2025-3035

Mar, 01/04/2025 – 13:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-3035

Descripción en
By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox

01/04/2025
01/04/2025
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1952268

  • https://www.mozilla.org/security/advisories/mfsa2025-20/

    • Enviar en el boletín
    Off

    CVE-2025-3034

    CVE-2025-3034

    Título es
    CVE-2025-3034

    Mar, 01/04/2025 – 13:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3034

    Descripción en
    Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

    01/04/2025
    01/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1894100%2C1934086%2C1950360

  • https://www.mozilla.org/security/advisories/mfsa2025-20/

  • https://www.mozilla.org/security/advisories/mfsa2025-23/

    • Enviar en el boletín
    Off

    CVE-2025-3033

    CVE-2025-3033

    Título es
    CVE-2025-3033

    Mar, 01/04/2025 – 13:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3033

    Descripción en
    After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded.
    *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox

    01/04/2025
    01/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1950056

  • https://www.mozilla.org/security/advisories/mfsa2025-20/

  • https://www.mozilla.org/security/advisories/mfsa2025-23/

    • Enviar en el boletín
    Off

    CVE-2025-3032

    CVE-2025-3032

    Título es
    CVE-2025-3032

    Mar, 01/04/2025 – 13:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3032

    Descripción en
    Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox

    01/04/2025
    01/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1949987

  • https://www.mozilla.org/security/advisories/mfsa2025-20/

  • https://www.mozilla.org/security/advisories/mfsa2025-23/

    • Enviar en el boletín
    Off

    CVE-2025-3031

    CVE-2025-3031

    Título es
    CVE-2025-3031

    Mar, 01/04/2025 – 13:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3031

    Descripción en
    An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox

    01/04/2025
    01/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1947141

  • https://www.mozilla.org/security/advisories/mfsa2025-20/

  • https://www.mozilla.org/security/advisories/mfsa2025-23/

    • Enviar en el boletín
    Off

    CVE-2025-3029

    CVE-2025-3029

    Título es
    CVE-2025-3029

    Mar, 01/04/2025 – 13:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3029

    Descripción en
    A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox

    01/04/2025
    01/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1952213

  • https://www.mozilla.org/security/advisories/mfsa2025-20/

  • https://www.mozilla.org/security/advisories/mfsa2025-22/

  • https://www.mozilla.org/security/advisories/mfsa2025-23/

  • https://www.mozilla.org/security/advisories/mfsa2025-24/

    • Enviar en el boletín
    Off

    CVE-2025-3030

    CVE-2025-3030

    Título es
    CVE-2025-3030

    Mar, 01/04/2025 – 13:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3030

    Descripción en
    Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox

    01/04/2025
    01/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494

  • https://www.mozilla.org/security/advisories/mfsa2025-20/

  • https://www.mozilla.org/security/advisories/mfsa2025-22/

  • https://www.mozilla.org/security/advisories/mfsa2025-23/

  • https://www.mozilla.org/security/advisories/mfsa2025-24/

    • Enviar en el boletín
    Off

    CVE-2025-31408

    CVE-2025-31408

    Título es
    CVE-2025-31408

    Mar, 01/04/2025 – 13:15

    Tipo
    CWE-862

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31408

    Descripción en
    Missing Authorization vulnerability in Zoho Flow allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zoho Flow: from n/a through 2.13.3.

    01/04/2025
    01/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/zoho-flow/vulnerability/wordpress-zoho-flow-plugin-2-13-3-broken-access-control-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-3028

    CVE-2025-3028

    Título es
    CVE-2025-3028

    Mar, 01/04/2025 – 13:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3028

    Descripción en
    JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox

    01/04/2025
    01/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1941002

  • https://www.mozilla.org/security/advisories/mfsa2025-20/

  • https://www.mozilla.org/security/advisories/mfsa2025-21/

  • https://www.mozilla.org/security/advisories/mfsa2025-22/

  • https://www.mozilla.org/security/advisories/mfsa2025-23/

  • https://www.mozilla.org/security/advisories/mfsa2025-24/

    • Enviar en el boletín
    Off

    CVE-2025-3082

    CVE-2025-3082

    Título es
    CVE-2025-3082

    Mar, 01/04/2025 – 11:15

    Tipo
    CWE-284

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3082

    Descripción en
    A user authorized to access a view may be able to alter the intended collation, allowing them to access to a different or unintended view of underlying data. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.20, MongoDB Server v7.0 version prior to 7.0.14 and MongoDB Server v7.3 versions prior to 7.3.4.

    01/04/2025
    01/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    3.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    LOW

    Referencias

  • https://jira.mongodb.org/browse/SERVER-103151

    • Enviar en el boletín
    Off