JavaScript Engine Vulnerability in Firefox and Thunderbird
CVE-2025-8033

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 22 July 2025

What is CVE-2025-8033?

This vulnerability occurs in the JavaScript engine, where closed generators are improperly handled, allowing them to be resumed unintentionally. This leads to potential null pointer dereference scenarios, which could allow an attacker to exploit this condition and affect the stability and security of the affected products. Users of Firefox and Thunderbird are advised to update to the latest versions to mitigate this risk.

Affected Version(s)

Firefox < 141

Firefox ESR < 115.26

Firefox ESR < 128.13

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1973990

https://www.mozilla.org/security/advisories/mfsa2025-56/

https://www.mozilla.org/security/advisories/mfsa2025-57/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2025
Vulnerability Reserved
Jul 22, 2025

Credit

Shaheen Fazim

Mozilla

What is CVE-2025-8033?

Affected Version(s)

References

Timeline

Credit