This email has been sent from the Critical Vulnerabilities notification of the SURF/secops project.

3 vulnerabilities have been updated on 2025-10-15 between 18:00 and 18:59.

Critical Vulnerabilities (3)

CVE-2025-11719 - 9.8

Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox < 144 and Thunderbird < 144.

CVE-2025-20286 - 9.9

A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access...

CVE-2025-11719 - 9.8

Starting in Firefox 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability affects Firefox < 144 and Thunderbird < 144.