Memory Safety Vulnerabilities in Firefox and Thunderbird by Mozilla
CVE-2025-8035

8.8HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 22 July 2025

What is CVE-2025-8035?

The vulnerability affecting Mozilla's Firefox and Thunderbird is associated with memory safety bugs that can potentially lead to memory corruption. These flaws are present in certain versions of Firefox and Thunderbird, specifically in the ESR 128.12 and 140.0 series, which could allow attackers to execute arbitrary code with sufficient effort. Users are strongly advised to update to the latest versions, as Mozilla has addressed these issues in the most recent releases.

Affected Version(s)

Firefox < 141

Firefox ESR < 128.13

Firefox ESR < 140.1

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975961%2...

https://www.mozilla.org/security/advisories/mfsa2025-56/

https://www.mozilla.org/security/advisories/mfsa2025-58/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2025
Vulnerability Reserved
Jul 22, 2025

Credit

the Mozilla Fuzzing Team