Memory Safety Flaws in Mozilla Firefox and Thunderbird Products
CVE-2025-1943

8.2HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 4 March 2025

Summary

Mozilla Firefox and Thunderbird have been identified to have memory safety bugs that may lead to memory corruption. These vulnerabilities affect versions prior to 136 and, if exploited, could potentially allow the execution of arbitrary code. Users are advised to upgrade to the latest versions to mitigate any risks associated with these vulnerabilities. For detailed information, refer to the Mozilla security advisories and bug reports.

Affected Version(s)

Firefox < 136

Thunderbird < 136

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1869650%2...

https://www.mozilla.org/security/advisories/mfsa2025-14/

https://www.mozilla.org/security/advisories/mfsa2025-17/

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 4, 2025
Vulnerability Reserved
Mar 4, 2025

Credit

the Mozilla Fuzzing Team, Andrew McCreight, Sebastian Hengst, Randell Jesup