Memory Safety Bugs in Firefox and Thunderbird by Mozilla
CVE-2025-6436

8.1 HIGH

Key Information:

Vendor

Mozilla

CVE Published: 24 June 2025

Badges

📰 News Worthy

What is CVE-2025-6436?

Mozilla's Firefox and Thunderbird have been found to contain memory safety bugs that can potentially lead to memory corruption. These vulnerabilities, affecting versions prior to 140, raise concerns as they may be leveraged to execute arbitrary code, posing a risk to users. Prompt updates to the latest versions are recommended to mitigate these vulnerabilities and safeguard your data.

Affected Version(s)

Firefox < 140

Thunderbird < 140

News Articles

Firefox 140 Released With Fix for Code Execution Vulnerability - Update Now

Mozilla has released Firefox 140, addressing multiple critical security vulnerabilities, including a high-impact use-after-free vulnerability that could lead to code execution. 

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by CyberSecurityNews

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrew McCreight, Gabriele Svelto, Beth Rennie (she/her), the Mozilla Fuzzing Team.