PT-2025-33866 · Mozilla+10 · Thunderbird+12

Oskar

Published

2025-08-19

Updated

2026-02-02

CVE-2025-9179

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 142 Firefox ESR versions prior to 115.27 Firefox ESR versions prior to 128.14 Firefox ESR versions prior to 140.2 Thunderbird versions prior to 142 Thunderbird versions prior to 128.14 Thunderbird versions prior to 140.2

Description: An attacker was able to perform memory corruption in the GMP process, which processes encrypted media. This process is heavily sandboxed, but represents slightly different privileges from the content process.

Recommendations: Update Firefox to version 142 or later. Update Firefox ESR to version 115.27 or later. Update Firefox ESR to version 128.14 or later. Update Firefox ESR to version 140.2 or later. Update Thunderbird to version 142 or later. Update Thunderbird to version 128.14 or later. Update Thunderbird to version 140.2 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2025:14416

ALSA-2025:14417

ALSA-2025:14442

ALSA-2025:14640

ALSA-2025:14743

ALSA-2025:14844

ALT-PU-2025-11100

ALT-PU-2025-12559

ALT-PU-2025-12562

ALT-PU-2025-14599

BDU:2025-10496

CESA-2025_14442

CESA-2025_14743

CVE-2025-9179

DLA-4277-1

DLA-4279-1

DSA-5980-1

DSA-5984-1

INFSA-2025_14416

INFSA-2025_14442

INFSA-2025_14640

INFSA-2025_14743

MGASA-2025-0227

MGASA-2025-0228

OESA-2025-2094

OESA-2025-2095

OESA-2025-2096

OESA-2025-2097

OESA-2025-2099

OESA-2025-2292

OPENSUSE-SU-2025-20135-1

OPENSUSE-SU-2025:15467-1

OPENSUSE-SU-2025:15472-1

OPENSUSE-SU-2025:15494-1

OPENSUSE-SU-2025:15516-1

OPENSUSE-SU-2025:20135-1

RHSA-2025:14416

RHSA-2025:14417

RHSA-2025:14442

RHSA-2025:14640

RHSA-2025:14743

RHSA-2025:14844

RHSA-2025:15418

RHSA-2025:15419

RHSA-2025:15420

RHSA-2025:15421

RHSA-2025:15422

RHSA-2025:15423

RHSA-2025:15424

RHSA-2025:15430

RHSA-2025:15434

RHSA-2025:15435

RHSA-2025:15436

RHSA-2025:15437

RHSA-2025:15438

RHSA-2025:15496

RHSA-2025:15535

RHSA-2025_14416

RHSA-2025_14442

RHSA-2025_14640

RHSA-2025_14743

SUSE-SU-2025:03007-1

SUSE-SU-2025:03008-1

SUSE-SU-2025:03009-1

SUSE-SU-2025:21170-1

SUSE-SU-2025_03008-1

SUSE-SU-2025_03009-1

USN-7991-1

Affected Products

Alt Linux

Almalinux

Centos

Debian

Firefox

Firefox Esr

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Thunderbird

Ubuntu

PT-2025-33866 · Mozilla+10 · Thunderbird+12

CVE-2025-9179

Weakness Enumeration

Related Identifiers

Affected Products

References · 287