CVE-2025-0242Out-of-bounds Write in Mozilla Firefox

CWE-787Out-of-bounds WriteCWE-120Classic Buffer Overflow14 documents8 sources
Severity
6.5MEDIUMNVD
OSV5.4
EPSS
2.9%
top 13.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla ThunderbirdMozilla Firefox
Timeline
PublishedJan 7
Latest updateJul 22

Description

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages4 packages

NVDmozilla/firefox116.0128.6.0+2
Ubuntumozilla/firefox< 134.0+build1-0ubuntu0.20.04.1
NVDmozilla/thunderbird129.0134.0+1
Debianmozilla/thunderbird< 1:128.6.0esr-1~deb11u1+3

🔴Vulnerability Details

4
OSV
firefox vulnerabilities2025-01-09
CVEList
Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.62025-01-07
GHSA
GHSA-qw28-p6qx-vj78: Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 1152025-01-07
OSV
CVE-2025-0242: Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 1152025-01-07

📋Vendor Advisories

9
Ubuntu
Thunderbird vulnerabilities2025-07-22
Ubuntu
Firefox vulnerabilities2025-01-09
Red Hat
firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.62025-01-07
Debian
CVE-2025-0242: firefox - Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, ...2025
Mozilla
Mozilla Foundation Security Advisory 2025-05: CVE-2025-0242
CVE-2025-0242 — Out-of-bounds Write in Mozilla Firefox | cvebase