Memory Safety Vulnerability in Mozilla's Firefox and Thunderbird Products
CVE-2025-0243

5.1MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird; Thunderbird Esr
Vendor: CVE Published:; 7 January 2025

Summary

Multiple memory safety bugs found in Firefox and Thunderbird could potentially be exploited for arbitrary code execution. These vulnerabilities are present in versions of Firefox 133 and earlier, Firefox ESR 128.5 and earlier, Thunderbird 133 and earlier, and Thunderbird ESR 128.5 and earlier. It is critical for users to update to the latest versions (Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird ESR 128.6) to mitigate potential security risks associated with these bugs.

Affected Version(s)

Firefox < 134

Firefox ESR < 128.6

Thunderbird < 134

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1827142%2...

https://www.mozilla.org/security/advisories/mfsa2025-01/

https://www.mozilla.org/security/advisories/mfsa2025-02/

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 7, 2025

Credit

Andrew Osmond and the Mozilla Fuzzing Team