CVE-2025-9182 — Uncontrolled Resource Consumption in Mozilla Firefox

CWE-400 — Uncontrolled Resource Consumption11 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 75.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedAug 19

Latest updateFeb 2

Description

Denial-of-service due to out-of-memory in the Graphics: WebRender component. This vulnerability was fixed in Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird 140.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDmozilla/firefox< 140.2.0+1

▶NVDmozilla/thunderbird< 140.2.0+1

▶Ubuntumozilla/thunderbird< 1:140.7.1+build1-0ubuntu0.22.04.1

🔴Vulnerability Details

OSV

CVE-2025-9182: Denial-of-service due to out-of-memory in the Graphics: WebRender component↗2025-08-19

▶

GHSA

GHSA-mv5m-p837-6xm9: 'Denial-of-service due to out-of-memory in the Graphics: WebRender component↗2025-08-19

▶

CVEList

Denial-of-service due to out-of-memory in the Graphics: WebRender component↗2025-08-19

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2026-02-02

▶

Red Hat

firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component↗2025-08-19

▶

Debian

CVE-2025-9182: firefox - Denial-of-service due to out-of-memory in the Graphics: WebRender component. Thi...↗2025

▶

Mozilla

Mozilla Foundation Security Advisory 2025-72: CVE-2025-9182↗

▶

Mozilla

Mozilla Foundation Security Advisory 2025-64: CVE-2025-9182↗

▶