Memory Safety Vulnerability in Mozilla Firefox and Thunderbird
CVE-2025-4091

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 29 April 2025

What is CVE-2025-4091?

This vulnerability manifests as memory safety bugs in Mozilla Firefox and Thunderbird, allowing potential memory corruption. Specific versions of Firefox and Thunderbird are affected, and although evidence suggests the likelihood of exploitability for arbitrary code execution exists, detailed exploitation has not been demonstrated. Users of versions prior to Firefox 138 and Thunderbird 138 should upgrade to the latest versions to protect against potential threats. Regular updates and security measures are essential for maintaining system integrity.

Affected Version(s)

Firefox < 138

Firefox ESR < 128.10

Thunderbird < 138

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1951161%2...

https://www.mozilla.org/security/advisories/mfsa2025-28/

https://www.mozilla.org/security/advisories/mfsa2025-29/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 29, 2025
Vulnerability Reserved
Apr 29, 2025

Credit

Maurice Dauer and the Mozilla Fuzzing Team