CVE-2025-5262

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 139 Firefox ESR versions prior to 115.24 Firefox ESR versions prior to 128.11

Description A double-free issue could occur in the vpx codec enc init multi function after a failed allocation when initializing the encoder for WebRTC, potentially causing memory corruption and a crash.

Recommendations For Firefox versions prior to 139, update to version 139 or later. For Firefox ESR versions prior to 115.24, update to version 115.24 or later. For Firefox ESR versions prior to 128.11, update to version 128.11 or later.

Fix

RCE

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALT-PU-2025-11495

ALT-PU-2025-8611

CVE-2025-5262

MGASA-2025-0195

MGASA-2025-0197

OPENSUSE-SU-2025:15170-1

OPENSUSE-SU-2025:15174-1

SUSE-SU-2025:01946-1

Affected Products

Alt Linux

Astra Linux

Firefox

CVE-2025-5262

Weakness Enumeration

Related Identifiers

Affected Products

References · 51