Key Vulnerability Information

Vulnerability Advisory

Advisory number: Mozilla Foundation Security Advisory 2025-64
Advisory date: August 10, 2023
Affected product: Firefox
Fixed version: Firefox 142

Vulnerability Details

1. CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component
   - Reporter: Caker
   - Impact: High
   - Description: An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process.

2. CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component
   - Reporter: Tom Van Goethem
   - Impact: High
   - Description: Same-origin policy bypass in the Graphics: Canvas2D component.

3. CVE-2025-9181: Uninitialized memory in the JavaScript Engine component
   - Reporter: Joon Kurniawan
   - Impact: Moderate
   - Description: Uninitialized memory in the JavaScript Engine component.

4. CVE-2025-9186: Spoofing issue in the Address Bar component of Firefox Focus for Android
   - Reporter: Kevin Linssen
   - Impact: Low
   - Description: Spoofing issue in the Address Bar component of Firefox Focus for Android.

5. CVE-2025-9182: Denial-of-service due to out-of-memory in the Graphics: WebRender component
   - Reporter: Joon Kurniawan
   - Impact: Low
   - Description: Denial-of-service due to out-of-memory in the Graphics: WebRender component.

6. CVE-2025-9183: Spoofing issue in the Address Bar component
   - Reporter: Rewia
   - Impact: Low
   - Description: Spoofing issue in the Address Bar component.

7. CVE-2025-9187: Memory safety bugs fixed in Firefox 142 and Thunderbird 142
   - Reporter: Andry Laison, Maurits Sluier, Sebastian Hengst and the Mozilla Fuzzing Team
   - Impact: High
   - Description: Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

8. CVE-2025-9184: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
   - Reporter: Paul Box, Ron VanderMolen and the Mozilla Fuzzing Team
   - Impact: High
   - Description: Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

9. CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
   - Reporter: The Mozilla Fuzzing Team
   - Impact: High
   - Description: Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 138.13, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.