Memory Safety Issues in Firefox and Thunderbird by Mozilla
CVE-2025-4092

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 29 April 2025

What is CVE-2025-4092?

Memory safety vulnerabilities have been identified in Mozilla's Firefox and Thunderbird applications. These issues can lead to memory corruption, potentially allowing an attacker to exploit the vulnerabilities and execute arbitrary code. Users are encouraged to update to Firefox and Thunderbird version 138 or later to mitigate any risks associated with these flaws.

Affected Version(s)

Firefox < 138

Thunderbird < 138

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1924108%2...

https://www.mozilla.org/security/advisories/mfsa2025-28/

https://www.mozilla.org/security/advisories/mfsa2025-31/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 29, 2025
Vulnerability Reserved
Apr 29, 2025

Credit

Randell Jesup, Jens Stutte, and the Mozilla Fuzzing Team