Memory Safety Vulnerabilities in Firefox and Thunderbird by Mozilla
CVE-2025-3034

8.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 1 April 2025

What is CVE-2025-3034?

Mozilla's Firefox and Thunderbird are impacted by memory safety issues that could allow for potential memory corruption. Versions prior to 137 exhibit these vulnerabilities, which represent a significant risk as they may be exploitable under certain conditions. This can potentially lead to arbitrary code execution if successfully exploited. Mozilla has addressed these bugs in the latest versions, and users are advised to update promptly to secure their systems against these weaknesses.

Affected Version(s)

Firefox < 137

Thunderbird < 137

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1894100%2...

https://www.mozilla.org/security/advisories/mfsa2025-20/

https://www.mozilla.org/security/advisories/mfsa2025-23/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2025
Vulnerability Reserved
Mar 31, 2025

Credit

Andrew McCreight and the Mozilla Fuzzing Team