Memory Safety Vulnerability in Firefox and Thunderbird Products by Mozilla
CVE-2025-0247

8.8HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 7 January 2025

Summary

A set of memory safety issues have been identified in Firefox and Thunderbird versions prior to 134. These issues enable the potential for memory corruption, which could be exploited maliciously to execute arbitrary code if sufficiently exploited. Mozilla has addressed these vulnerabilities in the updated releases, 134, for both products. Users are highly encouraged to update their software to the latest version to mitigate the risks associated with these memory safety bugs.

Affected Version(s)

Firefox < 134

Thunderbird < 134

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1835193%2...

https://www.mozilla.org/security/advisories/mfsa2025-01/

https://www.mozilla.org/security/advisories/mfsa2025-04/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 7, 2025

Credit

Akmat Suleimanov, Jed Davis, André Bargull, and the Mozilla Fuzzing Team