cbcvebase.
CVE-2025-10532
published 2025-09-16

CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird…

medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.

Affected

12 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 143.0-1 (sid)firefox 143.0-1 (sid)
debianfirefox-esr< firefox 143.0-1 (sid)firefox 143.0-1 (sid)
debianthunderbird< firefox 143.0-1 (sid)firefox 143.0-1 (sid)
mozillafirefox< 140.3.0140.3.0
mozillafirefox< 143.0143.0
mozillafirefox
mozillathunderbird< 140.3.0140.3.0
mozillathunderbird>= 0 < 1:140.3.0esr-1~deb11u11:140.3.0esr-1~deb11u1
mozillathunderbird>= 0 < 1:140.3.0esr-1~deb12u11:140.3.0esr-1~deb12u1
mozillathunderbird>= 0 < 1:140.3.0esr-1~deb13u11:140.3.0esr-1~deb13u1
mozillathunderbird>= 0 < 1:140.3.0esr-11:140.3.0esr-1
mozillathunderbird>= 141.0 < 143.0143.0

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
osv6.5MEDIUM