UBUNTU-CVE-2025-6426

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2025-6426
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6426.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-6426
Upstream
Downstream
Related
Published
2025-06-24T13:15:00Z
Modified
2026-04-16T10:44:41.391060Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

The executable file warning did not warn users before opening files with the terminal extension. This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

References

Affected packages

Ubuntu:18.04:LTS
mozjs52

Package

Name
mozjs52
Purl
pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

52.*
52.3.1-0ubuntu3
52.3.1-7fakesync1
52.8.1-0ubuntu0.18.04.1
52.9.1-0ubuntu0.18.04.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "52.9.1-0ubuntu0.18.04.1",
            "binary_name": "libmozjs-52-0"
        },
        {
            "binary_version": "52.9.1-0ubuntu0.18.04.1",
            "binary_name": "libmozjs-52-dev"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6426.json"
mozjs38

Package

Name
mozjs38
Purl
pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

38.*
38.8.0~repack1-0ubuntu1
38.8.0~repack1-0ubuntu3
38.8.0~repack1-0ubuntu4

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "38.8.0~repack1-0ubuntu4",
            "binary_name": "libmozjs-38-0"
        },
        {
            "binary_version": "38.8.0~repack1-0ubuntu4",
            "binary_name": "libmozjs-38-dev"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6426.json"
Ubuntu:20.04:LTS
mozjs68

Package

Name
mozjs68
Purl
pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

68.*
68.5.0-1~fakesync
68.5.0-2~fakesync
68.6.0-1
68.6.0-1ubuntu1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "68.6.0-1ubuntu1",
            "binary_name": "libmozjs-68-0"
        },
        {
            "binary_version": "68.6.0-1ubuntu1",
            "binary_name": "libmozjs-68-dev"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6426.json"
mozjs52

Package

Name
mozjs52
Purl
pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

52.*
52.9.1-1build1
52.9.1-1ubuntu3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "52.9.1-1ubuntu3",
            "binary_name": "libmozjs-52-0"
        },
        {
            "binary_version": "52.9.1-1ubuntu3",
            "binary_name": "libmozjs-52-dev"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6426.json"
Ubuntu:22.04:LTS
mozjs102

Package

Name
mozjs102
Purl
pkg:deb/ubuntu/mozjs102@102.15.1-0ubuntu0.22.04.1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

102.*
102.11.0-0ubuntu0.22.04.1
102.12.0-0ubuntu0.22.04.1
102.13.0-0ubuntu0.22.04.1
102.15.1-0ubuntu0.22.04.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "102.15.1-0ubuntu0.22.04.1",
            "binary_name": "libmozjs-102-0"
        },
        {
            "binary_version": "102.15.1-0ubuntu0.22.04.1",
            "binary_name": "libmozjs-102-dev"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6426.json"
mozjs78

Package

Name
mozjs78
Purl
pkg:deb/ubuntu/mozjs78@78.15.0-4ubuntu1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

78.*
78.13.0-1
78.15.0-2
78.15.0-4ubuntu1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "78.15.0-4ubuntu1",
            "binary_name": "libmozjs-78-0"
        },
        {
            "binary_version": "78.15.0-4ubuntu1",
            "binary_name": "libmozjs-78-dev"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6426.json"
mozjs91

Package

Name
mozjs91
Purl
pkg:deb/ubuntu/mozjs91@91.10.0-0ubuntu1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

91.*
91.5.1-0ubuntu1
91.6.0-1
91.6.0-2
91.7.0-2
91.10.0-0ubuntu1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "91.10.0-0ubuntu1",
            "binary_name": "libmozjs-91-0"
        },
        {
            "binary_version": "91.10.0-0ubuntu1",
            "binary_name": "libmozjs-91-dev"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6426.json"
thunderbird

Package

Name
thunderbird
Purl
pkg:deb/ubuntu/thunderbird@1:128.12.0+build1-0ubuntu0.22.04.1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:128.12.0+build1-0ubuntu0.22.04.1

Affected versions

1:91.*
1:91.1.2+build1-0ubuntu1
1:91.3.0+build2-0ubuntu1
1:91.3.1+build1-0ubuntu1
1:91.3.2+build1-0ubuntu1
1:91.4.0+build1.1-0ubuntu1
1:91.4.0+build2-0ubuntu1
1:91.5.0+build1-0ubuntu1
1:91.5.1+build1-0ubuntu1
1:91.6.1+build1-0ubuntu1
1:91.7.0+build1-0ubuntu1
1:91.7.0+build2-0ubuntu1
1:91.8.0+build2-0ubuntu1
1:91.9.1+build1-0ubuntu0.22.04.1
1:91.11.0+build2-0ubuntu0.22.04.1
1:102.*
1:102.2.2+build1-0ubuntu0.22.04.1
1:102.4.2+build2-0ubuntu0.22.04.1
1:102.7.1+build2-0ubuntu0.22.04.1
1:102.8.0+build2-0ubuntu0.22.04.1
1:102.9.0+build1-0ubuntu0.22.04.1
1:102.10.0+build2-0ubuntu0.22.04.1
1:102.11.0+build1-0ubuntu0.22.04.1
1:102.13.0+build1-0ubuntu0.22.04.1
1:102.15.0+build1-0ubuntu0.22.04.1
1:102.15.1+build1-0ubuntu0.22.04.1
1:115.*
1:115.3.1+build1-0ubuntu0.22.04.2
1:115.4.1+build1-0ubuntu0.22.04.1
1:115.5.0+build1-0ubuntu0.22.04.1
1:115.6.0+build2-0ubuntu0.22.04.1
1:115.8.1+build1-0ubuntu0.22.04.1
1:115.9.0+build1-0ubuntu0.22.04.1
1:115.10.1+build1-0ubuntu0.22.04.1
1:115.11.0+build2-0ubuntu0.22.04.1
1:115.12.0+build3-0ubuntu0.22.04.1
1:115.13.0+build5-0ubuntu0.22.04.1
1:115.15.0+build1-0ubuntu0.22.04.1
1:115.16.0+build2-0ubuntu0.22.04.1
1:115.18.0+build1-0ubuntu0.22.04.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "1:128.12.0+build1-0ubuntu0.22.04.1",
            "binary_name": "thunderbird"
        },
        {
            "binary_version": "1:128.12.0+build1-0ubuntu0.22.04.1",
            "binary_name": "thunderbird-dev"
        },
        {
            "binary_version": "1:128.12.0+build1-0ubuntu0.22.04.1",
            "binary_name": "thunderbird-gnome-support"
        },
        {
            "binary_version": "1:128.12.0+build1-0ubuntu0.22.04.1",
            "binary_name": "thunderbird-mozsymbols"
        },
        {
            "binary_version": "1:128.12.0+build1-0ubuntu0.22.04.1",
            "binary_name": "xul-ext-calendar-timezones"
        },
        {
            "binary_version": "1:128.12.0+build1-0ubuntu0.22.04.1",
            "binary_name": "xul-ext-gdata-provider"
        },
        {
            "binary_version": "1:128.12.0+build1-0ubuntu0.22.04.1",
            "binary_name": "xul-ext-lightning"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6426.json"
Ubuntu:24.04:LTS
mozjs102

Package

Name
mozjs102
Purl
pkg:deb/ubuntu/mozjs102@102.15.1-3ubuntu2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

102.*
102.15.1-1
102.15.1-3ubuntu2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "102.15.1-3ubuntu2",
            "binary_name": "libmozjs-102-0t64"
        },
        {
            "binary_version": "102.15.1-3ubuntu2",
            "binary_name": "libmozjs-102-dev"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6426.json"
mozjs115

Package

Name
mozjs115
Purl
pkg:deb/ubuntu/mozjs115@115.10.0-1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

115.*
115.3.0-0ubuntu1
115.4.0-2
115.5.0-1
115.6.0-1
115.7.0-4
115.8.0-1
115.9.0-1
115.9.0-1build1
115.10.0-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_version": "115.10.0-1",
            "binary_name": "libmozjs-115-0t64"
        },
        {
            "binary_version": "115.10.0-1",
            "binary_name": "libmozjs-115-dev"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6426.json"