Privilege Escalation Vulnerability in Firefox and Thunderbird
CVE-2025-3032

7.4HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 1 April 2025

Summary

A vulnerability has been identified in Firefox and Thunderbird that could lead to privilege escalation attacks. This issue arises from the leaking of file descriptors from the fork server to web content processes, potentially allowing unauthorized access and manipulation of web content. Users of affected versions should consider updating to mitigate the risk. For more details, refer to the official Mozilla security advisories.

Affected Version(s)

Firefox < 137

Thunderbird < 137

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1949987

https://www.mozilla.org/security/advisories/mfsa2025-20/

https://www.mozilla.org/security/advisories/mfsa2025-23/

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Mar 31, 2025

Credit

Thinker Li