Memory Corruption Issue in Firefox and Thunderbird by Mozilla
CVE-2025-0241

7.7HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 7 January 2025

Summary

Mozilla's Firefox and Thunderbird products have a vulnerability where specially crafted text can cause memory corruption during segmentation. This exploitation might lead to crashes in affected versions, creating a potential attack vector for malicious actors. Security updates are recommended to mitigate this issue.

Affected Version(s)

Firefox < 134

Firefox ESR < 128.6

Thunderbird < 134

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1933023

https://www.mozilla.org/security/advisories/mfsa2025-01/

https://www.mozilla.org/security/advisories/mfsa2025-02/

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 7, 2025

Credit

Nils Bars