Memory Safety Vulnerability in Mozilla's Firefox and Thunderbird Products
CVE-2025-0243

5.1MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 7 January 2025

What is CVE-2025-0243?

Multiple memory safety bugs found in Firefox and Thunderbird could potentially be exploited for arbitrary code execution. These vulnerabilities are present in versions of Firefox 133 and earlier, Firefox ESR 128.5 and earlier, Thunderbird 133 and earlier, and Thunderbird ESR 128.5 and earlier. It is critical for users to update to the latest versions (Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird ESR 128.6) to mitigate potential security risks associated with these bugs.

Affected Version(s)

Firefox < 134

Firefox ESR < 128.6

Thunderbird < 134

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1827142%2...

https://www.mozilla.org/security/advisories/mfsa2025-01/

https://www.mozilla.org/security/advisories/mfsa2025-02/

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 7, 2025

Credit

Andrew Osmond and the Mozilla Fuzzing Team

JSON