CVE-2025-11721 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mozilla Firefox

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

9.8CRITICALNVD

EPSS

0.1%

top 81.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedOct 14

Description

Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144 and Thunderbird 144.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDmozilla/firefox143.0 — 144.0

▶NVDmozilla/thunderbird143.0 — 144.0

🔴Vulnerability Details

CVEList

Memory safety bug fixed in Firefox 144 and Thunderbird 144↗2025-10-14

▶

OSV

CVE-2025-11721: Memory safety bug present in Firefox 143 and Thunderbird 143↗2025-10-14

▶

GHSA

GHSA-r25g-xjc5-pcrv: Memory safety bug present in Firefox 143 and Thunderbird 143↗2025-10-14

▶

📋Vendor Advisories

Red Hat

thunderbird: firefox: Memory safety bug fixed in Firefox 144 and Thunderbird 144↗2025-10-14

▶

Debian

CVE-2025-11721: firefox - Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed ev...↗2025

▶

Mozilla

Mozilla Foundation Security Advisory 2025-84: CVE-2025-11721↗

▶

Mozilla

Mozilla Foundation Security Advisory 2025-81: CVE-2025-11721↗

▶