CVE-2025-3608Race Condition in Mozilla Firefox

CWE-362Race ConditionCWE-364Signal Handler Race Condition7 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 59.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedApr 15

Description

A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability was fixed in Firefox 137.0.2.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:NExploitability: 2.2 | Impact: 4.2

Affected Packages1 packages

NVDmozilla/firefox< 137.0.2

🔴Vulnerability Details

3
GHSA
GHSA-6rrc-vwrv-cwxc: A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable conditi2025-04-15
OSV
CVE-2025-3608: A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable conditi2025-04-15
CVEList
Race condition in nsHttpTransaction could lead to memory corruption2025-04-15

📋Vendor Advisories

3
Red Hat
firefox: Race condition in nsHttpTransaction could lead to memory corruption2025-04-15
Debian
CVE-2025-3608: firefox - A race condition existed in nsHttpTransaction that could have been exploited to ...2025
Mozilla
Mozilla Foundation Security Advisory 2025-25: CVE-2025-3608
CVE-2025-3608 — Race Condition in Mozilla Firefox | cvebase