Memory Safety Vulnerabilities in Firefox and Thunderbird from Mozilla
CVE-2025-10537

Currently unrated

Key Information:

Vendor

Mozilla
Status
Firefox
Firefox Esr
Vendor
CVE Published:
16 September 2025

What is CVE-2025-10537?

Mozilla Firefox and Thunderbird have been found to contain memory safety bugs in versions 140.2 of their ESR line and version 142. These vulnerabilities exhibit signs of memory corruption, raising concerns about their potential exploitation for executing arbitrary code. Specifically, Firefox versions below 143 and Firefox ESR versions below 140.3 are impacted. Users are advised to update to the latest versions to mitigate these risks and enhance security.

Affected Version(s)

Firefox < 143

Firefox ESR < 140.3

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2...
https://www.mozilla.org/security/advisories/mfsa2025-73/
https://www.mozilla.org/security/advisories/mfsa2025-75/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrew McCreight and the Mozilla Fuzzing Team
.
CVE-2025-10537 : Memory Safety Vulnerabilities in Firefox and Thunderbird from Mozilla