Memory Safety Vulnerabilities in Firefox and Thunderbird by Mozilla
CVE-2025-9185

8.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 19 August 2025

What is CVE-2025-9185?

This vulnerability consists of memory safety bugs found in multiple versions of Mozilla's Firefox and Thunderbird applications. These bugs may lead to memory corruption, which poses a risk for potential exploitation to execute arbitrary code. The affected versions include Firefox and Thunderbird prior to 142, and specific ESR versions of Firefox and Thunderbird prior to 115.27, 128.14, and 140.2. Users are advised to upgrade to the latest versions to mitigate the risks associated with these vulnerabilities.

Affected Version(s)

Firefox < 142

Firefox ESR < 115.27

Firefox ESR < 128.14

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2...

https://www.mozilla.org/security/advisories/mfsa2025-64/

https://www.mozilla.org/security/advisories/mfsa2025-65/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2025
Vulnerability Reserved
Aug 19, 2025

Credit

The Mozilla Fuzzing Team