CVE-2025-9181
published 2025-08-19CVE-2025-9181: Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 142.0-1 (sid) | firefox 142.0-1 (sid) |
| debian | firefox-esr | < firefox 142.0-1 (sid) | firefox 142.0-1 (sid) |
| debian | thunderbird | < firefox 142.0-1 (sid) | firefox 142.0-1 (sid) |
| mozilla | firefox | < 128.14.0 | 128.14.0 |
| mozilla | firefox | < 142.0 | 142.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 140.0 < 140.2.0 | 140.2.0 |
| mozilla | thunderbird | < 128.14.0 | 128.14.0 |
| mozilla | thunderbird | < 142.0 | 142.0 |
| mozilla | thunderbird | >= 0 < 1:128.14.0esr-1~deb11u1 | 1:128.14.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:128.14.0esr-1~deb12u1 | 1:128.14.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:128.14.0esr-1~deb13u1 | 1:128.14.0esr-1~deb13u1 |
| mozilla | thunderbird | >= 0 < 1:128.14.0esr-1 | 1:128.14.0esr-1 |
| mozilla | thunderbird | >= 140.0 < 140.2.0 | 140.2.0 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
osv6.5MEDIUM