A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.

alma_linux ALSA-2025:3556: ALSA-2025:3556: firefox security update (High)

alma_linux ALSA-2025:3582: ALSA-2025:3582: firefox security update (High)

suse_linux SUSE-SU-2025:1138-1: SUSE SLED15 / SLES15 / openSUSE 15 : Security update for MozillaFirefox (Important) (SUSE-SU-2025:1138-1)

vendor_unpatched cve-2025-3029: Unpatched CVEs for Debian Linux (cve-2025-3029)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2025-3582 advisory.

    [128.9.0-2.0.1]
    - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079789]

    [128.9.0]
    - Add debranding patches (Mustafa Gezen)
    - Add OpenELA default preferences (Louis Abel)

    [128.9.0-2]
    - Update to 128.9.0 build2

    [128.9.0-1]
    - Update to 128.9.0 build1

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5891 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5891-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     April 03, 2025                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : thunderbird     CVE ID         : CVE-2025-3028 CVE-2025-3029 CVE-2025-3030

    Multiple security issues were discovered in Thunderbird, which could     result in denial of service or the execution of arbitrary code.

    For the stable distribution (bookworm), these problems have been fixed in     version 1:128.9.0esr-1~deb12u1.

    We recommend that you upgrade your thunderbird packages.

    For the detailed security status of thunderbird please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/thunderbird

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-3556 advisory.

    [128.9.0-2.0.1]
    - Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773]
    - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

    [128.9.0]
    - Add debranding patches (Mustafa Gezen)
    - Add OpenELA default preferences (Louis Abel)

    [128.9.0-2]
    - Update to 128.9.0 build2

    [128.9.0-1]
    - Update to 128.9.0 build1

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d48f900812 advisory.

    - Updated to latest upstream (137.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1103-1 advisory.

    - Firefox Extended Support Release 128.9.0 ESR MFSA 2025-22 (bsc#1240083):
      * CVE-2025-3028: Use-after-free triggered by XSLTProcessor
      * CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters
      * CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137,         Firefox ESR 128.9, and Thunderbird 128.9

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5889 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5889-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     April 02, 2025                        https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : firefox-esr     CVE ID         : CVE-2025-3028 CVE-2025-3029 CVE-2025-3030

    Multiple security issues have been found in the Mozilla Firefox web     browser, which could potentially result in the execution of arbitrary     code or spoofing.

    For the stable distribution (bookworm), these problems have been fixed in     version 128.9.0esr-1~deb12u1.

    We recommend that you upgrade your firefox-esr packages.

    For the detailed security status of firefox-esr please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/firefox-esr

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4110 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4110-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/               Emilio Pozuelo Monfort     April 02, 2025                                https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : thunderbird     Version        : 1:128.9.0esr-1~deb11u1     CVE ID         : CVE-2025-3028 CVE-2025-3029 CVE-2025-3030

    Multiple security issues were discovered in Thunderbird, which could     result in spoofing or the execution of arbitrary code.

    For Debian 11 bullseye, these problems have been fixed in version     1:128.9.0esr-1~deb11u1.

    We recommend that you upgrade your thunderbird packages.

    For the detailed security status of thunderbird please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/thunderbird

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4109 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-4109-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/               Emilio Pozuelo Monfort     April 02, 2025                                https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : firefox-esr     Version        : 128.9.0esr-1~deb11u1     CVE ID         : CVE-2025-3028 CVE-2025-3029 CVE-2025-3030

    Multiple security issues have been found in the Mozilla Firefox web     browser, which could potentially result in spoofing or the execution     of arbitrary code.

    For Debian 11 bullseye, these problems have been fixed in version     128.9.0esr-1~deb11u1.

    We recommend that you upgrade your firefox-esr packages.

    For the detailed security status of firefox-esr please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/firefox-esr

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-96c31e2086 advisory.

    - Updated to latest upstream (137.0)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-thunderbird installed on the remote host is prior to 128.9.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-091-02 advisory.

    New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-thunderbird security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of mozilla-firefox installed on the remote host is prior to 128.9.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2025-091-01 advisory.

    New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the mozilla-firefox security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 128.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-24 advisory.

  - Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-3030)

  - JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-     free. (CVE-2025-3028)

  - A crafted URL containing specific Unicode characters could have hidden the true origin of the page,     resulting in a potential spoofing attack. (CVE-2025-3029)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 128.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-24 advisory.

  - Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-3030)

  - JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-     free. (CVE-2025-3028)

  - A crafted URL containing specific Unicode characters could have hidden the true origin of the page,     resulting in a potential spoofing attack. (CVE-2025-3029)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 128.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-22 advisory.

  - Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-3030)

  - JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-     free. (CVE-2025-3028)

  - A crafted URL containing specific Unicode characters could have hidden the true origin of the page,     resulting in a potential spoofing attack. (CVE-2025-3029)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 128.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-22 advisory.

  - Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-3030)

  - JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-     free. (CVE-2025-3028)

  - A crafted URL containing specific Unicode characters could have hidden the true origin of the page,     resulting in a potential spoofing attack. (CVE-2025-3029)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 137.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-23 advisory.

  - Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2025-3034)

  - JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-     free. (CVE-2025-3028)

  - An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function.
    (CVE-2025-3031)

  - Leaking of file descriptors from the fork server to web content processes could allow for privilege     escalation attacks. (CVE-2025-3032)

  - A crafted URL containing specific Unicode characters could have hidden the true origin of the page,     resulting in a potential spoofing attack. (CVE-2025-3029)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 137.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-23 advisory.

  - Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2025-3034)

  - JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-     free. (CVE-2025-3028)

  - An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function.
    (CVE-2025-3031)

  - Leaking of file descriptors from the fork server to web content processes could allow for privilege     escalation attacks. (CVE-2025-3032)

  - A crafted URL containing specific Unicode characters could have hidden the true origin of the page,     resulting in a potential spoofing attack. (CVE-2025-3029)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 137.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-20 advisory.

  - Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2025-3034)

  - JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-     free. (CVE-2025-3028)

  - An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function.
    (CVE-2025-3031)

  - Leaking of file descriptors from the fork server to web content processes could allow for privilege     escalation attacks. (CVE-2025-3032)

  - A crafted URL containing specific Unicode characters could have hidden the true origin of the page,     resulting in a potential spoofing attack. (CVE-2025-3029)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 137.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-20 advisory.

  - Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort some of these could have been exploited to run     arbitrary code. (CVE-2025-3034)

  - JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-     free. (CVE-2025-3028)

  - An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function.
    (CVE-2025-3031)

  - Leaking of file descriptors from the fork server to web content processes could allow for privilege     escalation attacks. (CVE-2025-3032)

  - A crafted URL containing specific Unicode characters could have hidden the true origin of the page,     resulting in a potential spoofing attack. (CVE-2025-3029)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird ESR installed on the remote macOS or Mac OS X host is prior to 128.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-24 advisory.

  - Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-3030)

  - JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-     free. (CVE-2025-3028)

  - A crafted URL containing specific Unicode characters could have hidden the true origin of the page,     resulting in a potential spoofing attack. (CVE-2025-3029)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Thunderbird ESR installed on the remote Windows host is prior to 128.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-24 advisory.

  - Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some     of these bugs showed evidence of memory corruption and we presume that with enough effort some of these     could have been exploited to run arbitrary code. (CVE-2025-3030)

  - JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-     free. (CVE-2025-3028)

  - A crafted URL containing specific Unicode characters could have hidden the true origin of the page,     resulting in a potential spoofing attack. (CVE-2025-3029)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
233830	Oracle Linux 8 : firefox (ELSA-2025-3582)	Nessus	Oracle Linux Local Security Checks	high
233824	Debian dsa-5891 : thunderbird - security update	Nessus	Debian Local Security Checks	high
233820	Oracle Linux 9 : firefox (ELSA-2025-3556)	Nessus	Oracle Linux Local Security Checks	high
233808	Fedora 40 : firefox (2025-d48f900812)	Nessus	Fedora Local Security Checks	high
233794	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2025:1103-1)	Nessus	SuSE Local Security Checks	high
233781	Debian dsa-5889 : firefox-esr - security update	Nessus	Debian Local Security Checks	high
233780	Debian dla-4110 : thunderbird - security update	Nessus	Debian Local Security Checks	high
233772	Debian dla-4109 : firefox-esr - security update	Nessus	Debian Local Security Checks	high
233747	Fedora 41 : firefox (2025-96c31e2086)	Nessus	Fedora Local Security Checks	high
233746	Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2025-091-02)	Nessus	Slackware Local Security Checks	high
233745	Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2025-091-01)	Nessus	Slackware Local Security Checks	high
233744	Mozilla Thunderbird < 128.9	Nessus	Windows	high
233743	Mozilla Thunderbird < 128.9	Nessus	MacOS X Local Security Checks	high
233651	Mozilla Firefox ESR < 128.9	Nessus	Windows	critical
233650	Mozilla Firefox ESR < 128.9	Nessus	MacOS X Local Security Checks	critical
233649	Mozilla Thunderbird < 137.0	Nessus	Windows	critical
233648	Mozilla Thunderbird < 137.0	Nessus	MacOS X Local Security Checks	critical
233647	Mozilla Firefox < 137.0	Nessus	Windows	critical
233646	Mozilla Firefox < 137.0	Nessus	MacOS X Local Security Checks	critical
233645	Mozilla Thunderbird ESR < 128.9	Nessus	MacOS X Local Security Checks	critical
233644	Mozilla Thunderbird ESR < 128.9	Nessus	Windows	critical

Detections

Analytics

CVE-2025-3029

high

Tenable Plugins

Coming Soon

high

high

high

high

high

high

high

high

high

high

high

high

high

critical

critical

critical

critical

critical

critical

critical

critical