Critical Firefox 0-Interaction libvpx Vulnerability Let Attackers Execute Arbitrary Code

Critical Firefox 0-Interaction libvpx Vulnerability Let Attackers Execute Arbitrary Code

Category: <h2 class="cBlue inline m-r-10">Arti<span class="cOrange">cles</span></h2>

Critical Firefox 0-Interaction libvpx Vulnerability Let Attackers Execute Arbitrary Code

Information

Double-Free Memory Corruption is a type of software vulnerability that occurs when a program attempts to free the same memory block twice, resulting in memory corruption and potentially leading to unexpected behavior such as program crashes, data corruption, or exploitation by malicious actors.

Incident

Mozilla has released emergency security updates to address a critical- vulnerability in Firefox that could allow attackers to execute arbitrary code on victims’ systems. The security flaw is tracked as CVE-2025-5262, Security researchers warn that this is a particularly dangerous vulnerability as it requires no user action beyond normal browsing to be exploited.

  0-Interaction libvpx Vulnerability is a double-free memory corruption issue located in the libvpx library, which Firefox uses for VP8 and VP9 video encoding and decoding in WebRTC communications.

  According to Mozilla’s security advisory, “A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash.”

  This created confusion at the call site, as other failures in vp8e_init() function did not result in ownership transfer, leading both the caller and vpx_codec_destroy() function to free the same memory block, triggering the double-free condition.

Recommendation

  Mozilla has addressed the vulnerability, released on May 27, 2025.

  • Firefox 139.0
  • Firefox ESR 128.11
  • Firefox ESR 115.24

The important things is Security systems. We must concern and monitor as usual.
For more information please contact
Email :sales@inetms.co.th
065 149 2822 (Ms.Suphatson )
063 204 4534 (Ms.Atsamaphorn)
065 929 6330 (Ms.Kansinee)
0613879439 (Ms.Sirilak)
0922576902 (Ms.Narusorn)

Referent

Weekly Interesting CVE

NO.

CVE Name

Published Date

Last Update

Device/Appplication/OS Target

Attack Type

CVSS
Severity Rating

Detail

Solution

Reference
1

CVE-2025-1763

30/5/2025

30/5/2025

GitLab EE versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

cross-site-scripting

8.7

An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions.

Updated to version 17.9.7 ,17.10.5,17.11.1

https://app.opencve.io/cve/CVE-2025-1763
2

CVE-2025-5280

27/5/2025

29/5/2025

Google Chrome prior to 137.0.7151.55

Out of bounds write

8.8

Out of bounds write in V8 in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page

Update Chrome to version 137.0.7151.55 or later

https://app.opencve.io/cve/CVE-2025-5280
3

CVE-2025-22252

28/5/2025

29/5/2025

Fortinet FortiProxy versions 7.6.0 through 7.6.1
FortiSwitchManager version 7.2.5
FortiOS versions 7.4.4 through 7.4.6 and version 7.6.0

Missing Authentication

9

A missing authentication for critical function in Fortinet FortiProxy , FortiSwitchManager and FortiOS may allow an attacker with knowledge of an existing admin account to access the device as a valid admin via an authentication bypass.

Fortinet FortiProxy versions 7.6.2 or later
FortiSwitchManager version 7.2.6 or later
FortiOS versions 7.6.1 or later

https://fortiguard.fortinet.com/psirt/FG-IR-24-472


 
 4

CVE-2024-20272

17/1/2024

2/6/2025

Cisco Unity Connection

unauthenticated, remote attacker and execute commands

7.3

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.

no workarounds

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD
5

CVE-2025-46701

29/5/2025

30/5/2025

Apache Tomcat 11.0.0-M1 to 11.0.6
Apache Tomcat 10.1.0-M1 to 10.1.40
Apache Tomcat 9.0.0.M1 to 9.0.104

Security constraint bypass for CGI scripts

7.3

Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped to the CGI servlet.

Upgrade to Apache Tomcat 11.0.7 or later
- Upgrade to Apache Tomcat 10.1.41 or later
- Upgrade to Apache Tomcat 9.0.105 or later

https://app.opencve.io/cve/CVE-2025-46701

 

 

Malware News or Campaign IOC/IOA | EN

No

Campaign Name

Detection Date

Attack

Type

  

Description

  

Mitigation/Remediation
1

Trickbot, Conti Ransomware Operator Unmasked Amid Huge Ops Leak

03/06/2025

Ransomware, Malware, Phishing

In late May 2025, the identity of the infamous ransomware group leader behind Trickbot and Conti was revealed as Vitaly Nikolaevich Kovalev, known by the alias “Stern.” Kovalev, a 36-year-old Russian national, is recognized as the founder and leader of Trickbot, a cybercriminal group with approximately 100 members. Trickbot and Conti are large-scale cybercrime networks that have launched attacks on organizations worldwide, generating illicit revenues amounting to hundreds of millions of dollars. Their targets have included hospitals, schools, and businesses. This revelation stemmed from an internal data leak orchestrated by an anonymous source known as “GangExposed,” who shared over 60,000 internal chat logs and documents from within the Trickbot and Conti groups. These disclosures provided detailed insight into the group’s structure, which closely resembles that of a traditional business organization. Identifying Kovalev was part of “Operation Endgame,” an international operation aimed at dismantling cybercriminal networks. Additionally, reports suggest that Kovalev may have connections with the Russian intelligence agency FSB, including the establishment of offices designated for “government topics.” Some Trickbot members believe that Stern served as a conduit between the group and senior FSB officials. This exposure of the ransomware leader marks a significant step in the global fight against cybercrime and underscores the importance of international cooperation in combating cyber threats.
  • Keep backup data separated from the main network to prevent attacks.
  • Regularly update operating systems and all software.
  • Train employees to recognize social engineering and phishing attacks.
  • Use MFA for all critical accounts, especially those accessing the network externally.

Ref: https://www.darkreading.com/cyberattacks-data-breaches/trickbot-conti-ransomware-operator-unmasked

17 June 2025

Viewed 55 time

Engine by shopup.com