Use-After-Free Vulnerability in Mozilla Firefox
CVE-2025-1931

Currently unrated

Key Information:

Vendor
Mozilla
Status
Firefox
Firefox Esr
Vendor
CVE Published:
4 March 2025

Summary

A use-after-free vulnerability in the content process of Mozilla Firefox's WebTransport connection may lead to a potentially exploitable crash. The issue affects several versions of Firefox, including versions below 136 and Firefox ESR below 115.21 and 128.8. Attackers may leverage this vulnerability to execute malicious code, increasing the risk of system exploits.

Affected Version(s)

Firefox < 136

Firefox ESR < 115.21

Firefox ESR < 128.8

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1944126
https://www.mozilla.org/security/advisories/mfsa2025-14/
https://www.mozilla.org/security/advisories/mfsa2025-15/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

sherkito
.