CVE-2025-1934

March 12, 2025, 5:15 p.m.

None
No Score

Description

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

Product(s) Impacted

Product Versions
Firefox ESR
  • < 128.8
Firefox
  • < 136
  • < 128.8

Weaknesses

CWE-185
Incorrect Regular Expression
The product specifies a regular expression in a way that causes data to be improperly matched or compared.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1942881
https://www.mozilla.org/security/advisories/mfsa2025-14/
https://www.mozilla.org/security/advisories/mfsa2025-16/
https://www.mozilla.org/security/advisories/mfsa2025-17/
https://www.mozilla.org/security/advisories/mfsa2025-18/

Tags

security@mozilla.org
CWE-185
2025-03-04
CVE-2025-1934

Date

  • Published: March 4, 2025, 2:15 p.m.
  • Last Modified: March 12, 2025, 5:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@mozilla.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.