CVE-2025-1937

March 11, 2025, 2:15 a.m.

None
No Score

Description

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

Product(s) Impacted

Product Versions
Firefox
  • < 136
  • < 115.21
  • < 128.8
Thunderbird
  • < 136
  • < 115.21
  • < 128.8

Weaknesses

References

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938471%2C1940716
https://www.mozilla.org/security/advisories/mfsa2025-14/
https://www.mozilla.org/security/advisories/mfsa2025-15/
https://www.mozilla.org/security/advisories/mfsa2025-16/
https://www.mozilla.org/security/advisories/mfsa2025-17/
https://www.mozilla.org/security/advisories/mfsa2025-18/
http://www.openwall.com/lists/oss-security/2025/03/10/6

Tags

security@mozilla.org
2025-03-04
CVE-2025-1937

Date

  • Published: March 4, 2025, 2:15 p.m.
  • Last Modified: March 11, 2025, 2:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@mozilla.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.