Memory Safety Vulnerabilities in Firefox and Thunderbird by Mozilla
CVE-2025-1938

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 4 March 2025

What is CVE-2025-1938?

Mozilla has identified memory safety bugs affecting specific versions of Firefox and Thunderbird that may allow for memory corruption. These vulnerabilities could potentially be exploited to execute arbitrary code. Users are advised to update to the latest versions, Firefox 136 and Thunderbird 136, or their respective ESR versions, to mitigate any risks associated with these vulnerabilities.

Affected Version(s)

Firefox < 136

Firefox ESR < 128.8

Thunderbird < 136

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1922889%2...

https://www.mozilla.org/security/advisories/mfsa2025-14/

https://www.mozilla.org/security/advisories/mfsa2025-16/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 4, 2025
Vulnerability Reserved
Mar 4, 2025

Credit

Julien Wajsberg, the Mozilla Fuzzing Team