JavaScript Engine Vulnerability in Firefox and Thunderbird
CVE-2025-8033

6.5MEDIUM

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 22 July 2025

What is CVE-2025-8033?

This vulnerability occurs in the JavaScript engine, where closed generators are improperly handled, allowing them to be resumed unintentionally. This leads to potential null pointer dereference scenarios, which could allow an attacker to exploit this condition and affect the stability and security of the affected products. Users of Firefox and Thunderbird are advised to update to the latest versions to mitigate this risk.

Affected Version(s)

Firefox < 141

Firefox ESR < 115.26

Firefox ESR < 128.13

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1973990

https://www.mozilla.org/security/advisories/mfsa2025-56/

https://www.mozilla.org/security/advisories/mfsa2025-57/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2025
Vulnerability Reserved
Jul 22, 2025

Credit

Shaheen Fazim