mozjs115 (Ubuntu:25.04) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Ubuntu:25.04 package mozjs115, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2025-1941 — CVSS 9.1 (critical): Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed…
CVE-2025-2817 — CVSS 8.8 (high): Thunderbird's update mechanism allowed a medium-integrity user process to interfere with the SYSTEM-level updater by manipulating the…
CVE-2025-3033 — CVSS 7.7 (high): After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects…
CVE-2025-1940 — CVSS 7.1 (high): A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user in…
CVE-2025-4086 — CVSS 6.5 (medium): A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in…
CVE-2025-4082 — CVSS 5.9 (medium): Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could…
CVE-2025-4084 — CVSS 5.7 (medium): Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this…
CVE-2025-4090 — CVSS 5.3 (medium): A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability…
CVE-2025-1939 — CVSS 3.9 (low): Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to…