CVE-2025-3028

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-3028

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3028.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-3028

Downstream

DLA-4109-1

DLA-4110-1

DSA-5889-1

DSA-5891-1

OESA-2025-1418

OESA-2025-1419

OESA-2025-1420

OESA-2025-1421

OESA-2025-1835

RHSA-2025:3556

RHSA-2025:3581

RHSA-2025:3582

RHSA-2025:3587

RHSA-2025:3589

RHSA-2025:3590

RHSA-2025:3620

RHSA-2025:3621

RHSA-2025:3623

RHSA-2025:3628

RHSA-2025:4026

RHSA-2025:4027

RHSA-2025:4028

RHSA-2025:4029

RHSA-2025:4030

RHSA-2025:4031

RHSA-2025:4032

RHSA-2025:4169

RHSA-2025:4170

RHSA-2025:7491

RHSA-2025:7493

RLSA-2025:3582

RLSA-2025:4170

SUSE-SU-2025:1103-1

SUSE-SU-2025:1138-1

SUSE-SU-2025:1157-1

UBUNTU-CVE-2025-3028

USN-7663-1

openSUSE-SU-2025:14961-1

openSUSE-SU-2025:14966-1

openSUSE-SU-2025:14971-1

openSUSE-SU-2025:14975-1

Related

Published

2025-04-01T13:15:41Z

Modified

2025-08-09T19:01:27Z

Summary

[none]

Details

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.

References

Affected packages