CVE-2025-1943

Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Thunderbird < 136.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1869650%2C1938451%2C1940326%2C1944052%2C1944063%2C1947281	Broken Link
https://www.mozilla.org/security/advisories/mfsa2025-14/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-17/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

History

No history.

Information

Published : 2025-03-04 14:15

Updated : 2025-04-03 13:30

NVD link : CVE-2025-1943

Mitre link : CVE-2025-1943

CVE.ORG link : CVE-2025-1943

JSON object : View

Products Affected

mozilla

thunderbird
firefox

CWE

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2025-1943", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2025-03-04T14:15:39.260", "references": [{"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1869650%2C1938451%2C1940326%2C1944052%2C1944063%2C1947281", "tags": ["Broken Link"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Thunderbird < 136."}, {"lang": "es", "value": "Vulnerabilidades de seguridad en la gesti\u00f3n de memoria presentes en Firefox 135 y Thunderbird 135. Algunas de estas vulnerabilidades muestran evidencia de corrupci\u00f3n en la memoria y se presume que, con suficiente esfuerzo, algunas de ellas podr\u00edan ser explotadas para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox < 136."}], "lastModified": "2025-04-03T13:30:58.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DB4CDD0-EC54-43D0-ACB2-F159ABA53D2C", "versionEndExcluding": "136.0"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43A02EBD-58CF-4057-A3D7-3828B599D954", "versionEndExcluding": "136.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}