Memory Safety Vulnerabilities in Firefox and Thunderbird by Mozilla
CVE-2025-11715

8.8HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-11715?

Several memory safety bugs have been identified in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143, and Thunderbird 143. These bugs indicate potential memory corruption flaws, which, with sufficient effort, could allow attackers to run arbitrary code. Affected versions are Firefox below 144, Firefox ESR below 140.4, Thunderbird below 144, and Thunderbird ESR below 140.4. It's essential for users to update to the latest versions to mitigate these risks.

Affected Version(s)

Firefox < 144

Firefox ESR < 140.4

Thunderbird < 144

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2...

https://www.mozilla.org/security/advisories/mfsa2025-81/

https://www.mozilla.org/security/advisories/mfsa2025-83/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Oct 13, 2025

Credit

The Mozilla Fuzzing Team

JSON