RegExp Processing Flaw in Firefox by Mozilla
CVE-2025-1934

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 4 March 2025

What is CVE-2025-1934?

A flaw has been identified in the handling of RegExp bailout within the JavaScript engine of Firefox, allowing the potential interruption of processing. This vulnerability can enable the execution of additional JavaScript code and trigger garbage collection in an unexpected manner. Affected versions include Firefox below 136 and Firefox ESR below 128.8, posing risks to user experience and application stability.

Affected Version(s)

Firefox < 136

Firefox ESR < 128.8

Thunderbird < 136

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1942881

https://www.mozilla.org/security/advisories/mfsa2025-14/

https://www.mozilla.org/security/advisories/mfsa2025-16/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2025
Vulnerability Reserved
Mar 4, 2025

Credit

Nils Bars