Out-of-Bounds Access Vulnerability in Firefox by Mozilla
CVE-2025-1932
9.8 CRITICAL
Summary
The vulnerability arises from an inconsistent comparator in the txNodeSorter component of Firefox's XSLT processing. The flaw can lead to out-of-bounds access, which malicious actors may exploit under specific conditions. It affects only Firefox versions below 136 and Firefox ESR versions below 128.8, potentially impacting the integrity and confidentiality of user data.
Affected Version(s)
Firefox < 136
Firefox ESR < 128.8
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Ivan Fratric of Google Project Zero