Memory Safety Vulnerabilities in Firefox and Thunderbird by Mozilla
CVE-2025-8040

Currently unrated

Key Information:

Vendor

Mozilla
Status
Firefox
Firefox Esr
Thunderbird
Vendor
CVE Published:
22 July 2025

What is CVE-2025-8040?

Mozilla has identified memory safety bugs across several versions of Firefox and Thunderbird. These vulnerabilities can lead to potential memory corruption, creating a vector for attackers to exploit. Particularly, the affected versions include Firefox ESR 140.0, Thunderbird ESR 140.0, and their standard counterparts within the 140 series. Users are urged to update to the latest versions to mitigate the risk of arbitrary code execution that could arise from this issue. For detailed remediation steps and further insights, refer to Mozilla's security advisories.

Affected Version(s)

Firefox < 141

Firefox ESR < 140.1

Thunderbird < 141

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975058%2...
https://www.mozilla.org/security/advisories/mfsa2025-56/
https://www.mozilla.org/security/advisories/mfsa2025-59/

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrew McCreight, Ashley Zebrowski
.
CVE-2025-8040 : Memory Safety Vulnerabilities in Firefox and Thunderbird by Mozilla