PT-2025-22993 · Mozilla+11 · Thunderbird+14

Masayuki Nakano

Published

2025-05-27

Updated

2025-12-03

CVE-2025-5268

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 139 Firefox ESR versions prior to 128.11 Thunderbird versions prior to 139 Thunderbird ESR versions prior to 128.11

Description The issue is related to memory safety bugs that have been identified in the affected software. These bugs have shown evidence of memory corruption, and it is presumed that with sufficient effort, some of these bugs could be exploited to run arbitrary code.

Recommendations For Firefox versions prior to 139, update to version 139 or later. For Firefox ESR versions prior to 128.11, update to version 128.11 or later. For Thunderbird versions prior to 139, update to version 139 or later. For Thunderbird ESR versions prior to 128.11, update to version 128.11 or later.

Fix

Buffer Overflow

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-77

Related Identifiers

ALSA-2025:8293

ALSA-2025:8308

ALSA-2025:8341

ALSA-2025:8607

ALSA-2025:8608

ALSA-2025:8756

ALT-PU-2025-11100

ALT-PU-2025-11495

ALT-PU-2025-11497

ALT-PU-2025-14599

ALT-PU-2025-8611

ALT-PU-2025-8725

BDU:2025-06225

CESA-2025_8308

CESA-2025_8756

CVE-2025-5268

DLA-4191-1

DLA-4194-1

DSA-5926-1

DSA-5932-1

INFSA-2025_8293

INFSA-2025_8308

INFSA-2025_8607

INFSA-2025_8756

MGASA-2025-0195

MGASA-2025-0197

OESA-2025-1633

OESA-2025-1634

OESA-2025-1635

OESA-2025-1636

OESA-2025-1835

OPENSUSE-SU-2025-20135-1

OPENSUSE-SU-2025:15170-1

OPENSUSE-SU-2025:15174-1

OPENSUSE-SU-2025:15196-1

OPENSUSE-SU-2025:15315-1

OPENSUSE-SU-2025:20135-1

RHSA-2025:8293

RHSA-2025:8308

RHSA-2025:8341

RHSA-2025:8598

RHSA-2025:8599

RHSA-2025:8607

RHSA-2025:8608

RHSA-2025:8628

RHSA-2025:8629

RHSA-2025:8630

RHSA-2025:8631

RHSA-2025:8642

RHSA-2025:8756

RHSA-2025:9071

RHSA-2025:9072

RHSA-2025:9073

RHSA-2025:9074

RHSA-2025:9075

RHSA-2025:9076

RHSA-2025:9077

RHSA-2025:9155

RHSA-2025_8293

RHSA-2025_8308

RHSA-2025_8607

RHSA-2025_8756

SUSE-SU-2025:01769-1

SUSE-SU-2025:01814-1

SUSE-SU-2025:01946-1

SUSE-SU-2025:21170-1

SUSE-SU-2025_01769-1

SUSE-SU-2025_01814-1

USN-7663-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Thunderbird Esr

Ubuntu

PT-2025-22993 · Mozilla+11 · Thunderbird+14

CVE-2025-5268

Weakness Enumeration

Related Identifiers

Affected Products

References · 302