Stack Value Leak in Mozilla Firefox and Thunderbird
CVE-2025-3031

Currently unrated

Key Information:

Vendor
Mozilla
Status
Firefox
Thunderbird
Vendor
CVE Published:
1 April 2025

Summary

A vulnerability in Firefox and Thunderbird allows attackers to read 32 bits of data that may inadvertently spill onto the stack during JIT compilation. This poses risks as sensitive information may be exposed without proper authorization, potentially leading to further exploitation. Users are encouraged to ensure they are running the latest versions of these products to mitigate the risks associated with this security flaw.

Affected Version(s)

Firefox < 137

Thunderbird < 137

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1947141
https://www.mozilla.org/security/advisories/mfsa2025-20/
https://www.mozilla.org/security/advisories/mfsa2025-23/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

anbu
.