Memory Safety Bugs in Firefox and Thunderbird Affecting Mozilla Products
CVE-2025-0242

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird; Thunderbird Esr
Vendor: CVE Published:; 7 January 2025

Summary

Multiple memory safety vulnerabilities have been identified in Mozilla Firefox and Thunderbird, specifically in versions 133 and earlier. These vulnerabilities can lead to memory corruption, and while exploitation of these bugs is not guaranteed, they possess the potential to allow attackers to execute arbitrary code if successfully manipulated. The affected versions include Firefox and Thunderbird prior to version 134, as well as specific extended support releases (ESR) prior to versions 115.19 and 128.6. Users and administrators are recommended to upgrade to the latest versions to mitigate these risks.

Affected Version(s)

Firefox < 134

Firefox ESR < 128.6

Firefox ESR < 115.19

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1874523%2...

https://www.mozilla.org/security/advisories/mfsa2025-01/

https://www.mozilla.org/security/advisories/mfsa2025-02/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 7, 2025

Credit

Andrew McCreight, Tooru Fujisawa, and the Mozilla Fuzzing Team