Use-After-Free Vulnerability in Mozilla Firefox
CVE-2025-1931

7.5 HIGH

Key Information:

Vendor: Mozilla
CVE Published: 4 March 2025

Summary

A use-after-free vulnerability in the content process side of a WebTransport connection in Mozilla Firefox may lead to a potentially exploitable crash. The issue affects Firefox versions below 136 and Firefox ESR versions below 115.21 and 128.8. Attackers may leverage this vulnerability to execute malicious code, which increases the risk of system compromise.

Affected Version(s)

Firefox < 136

Firefox ESR < 115.21

Firefox ESR < 128.8

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

sherkito