Use-After-Free Vulnerability in Mozilla Firefox and Thunderbird Products
CVE-2025-11708

9.8CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-11708?

A use-after-free vulnerability exists in the MediaTrackGraphImpl::GetInstance() function, which can lead to potential security risks in affected versions of Mozilla Firefox and Thunderbird. This flaw can be exploited by attackers to potentially execute arbitrary code or cause application crashes, compromising user data and security. The vulnerability affects specific versions of Firefox and Thunderbird, emphasizing the importance of upgrading to secure versions promptly.

Affected Version(s)

Firefox < 144

Firefox ESR < 140.4

Thunderbird < 144

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1988931

https://www.mozilla.org/security/advisories/mfsa2025-81/

https://www.mozilla.org/security/advisories/mfsa2025-83/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Oct 13, 2025

Credit

Irvan Kurniawan

JSON