CVE-2025-11710: Sensitive Information Exposure in Mozilla Firefox

Severity
9.8 CRITICAL (NVD)
EPSS
0.1%
top 73.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 14
Latest update: Feb 2

Description

A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (3 packages)

NVD mozilla/firefox 116.0 140.4.0 +2
NVD mozilla/thunderbird 141.0 144.0 +1
Debian mozilla/thunderbird < 1:140.4.0esr-1~deb11u1 +3

🔴 Vulnerability Details (3)

OSV
CVE-2025-11710: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromi (2025-10-14)
CVEList
Cross-process information leaked due to malicious IPC messages (2025-10-14)
GHSA
GHSA-ff52-484q-63r5: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromi (2025-10-14)

📋 Vendor Advisories (8)

Ubuntu
Thunderbird vulnerabilities (2026-02-02)
Red Hat
thunderbird: firefox: Cross-process information leaked due to malicious IPC messages (2025-10-14)
Debian
CVE-2025-11710: firefox - A compromised web process using malicious IPC messages could have caused the pri... (2025)
Mozilla
Mozilla Foundation Security Advisory 2025-81: CVE-2025-11710
Mozilla
Mozilla Foundation Security Advisory 2025-84: CVE-2025-11710