Memory Safety Vulnerability in Mozilla Firefox and Thunderbird
CVE-2025-4091

8.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 29 April 2025

What is CVE-2025-4091?

This vulnerability manifests as memory safety bugs in Mozilla Firefox and Thunderbird, allowing potential memory corruption. Specific versions of Firefox and Thunderbird are affected, and although evidence suggests the likelihood of exploitability for arbitrary code execution exists, detailed exploitation has not been demonstrated. Users of versions prior to Firefox 138 and Thunderbird 138 should upgrade to the latest versions to protect against potential threats. Regular updates and security measures are essential for maintaining system integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Firefox < 138

Firefox ESR < 128.10

Thunderbird < 138

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2...

https://www.mozilla.org/security/advisories/mfsa2025-28/

https://www.mozilla.org/security/advisories/mfsa2025-29/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 29, 2025
Vulnerability Reserved
Apr 29, 2025

Credit

Maurice Dauer and the Mozilla Fuzzing Team

JSON

Mozilla

What is CVE-2025-4091?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.