ZDI-25-292: (Pwn2Own) Mozilla Firefox SpiderMonkey Out-Of-Bounds Write Remote Code Execution Vulnerability
Zero Day Initiative Advisories (published)
2025-05-21 13:00:00
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2025-4919.