Memory Safety Flaws in Firefox and Thunderbird by Mozilla
CVE-2025-9187

9.8CRITICAL

Key Information:

Vendor: Mozilla
Status: Firefox; Thunderbird
Vendor: CVE Published:; 19 August 2025

What is CVE-2025-9187?

Mozilla has identified memory safety bugs in Firefox and Thunderbird, specifically in versions prior to 142. These vulnerabilities indicate potential memory corruption issues, which could be leveraged by attackers to execute arbitrary code through sophisticated exploits. Users of affected versions are strongly urged to update to Firefox and Thunderbird 142 or later to mitigate the risks posed by these flaws.

Affected Version(s)

Firefox < 142

Thunderbird < 142

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1825621%2...

https://www.mozilla.org/security/advisories/mfsa2025-64/

https://www.mozilla.org/security/advisories/mfsa2025-70/

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2025
Vulnerability Reserved
Aug 19, 2025

Credit

Andy Leiserson, Maurice Dauer, Sebastian Hengst and the Mozilla Fuzzing Team