PT-2025-33871 · Mozilla+11 · Thunderbird+14
Published: 2025-08-19 · Updated: 2026-02-02
CVE-2025-9185
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Firefox versions prior to 142
Firefox ESR versions 115.26 through 115.26, 128.13 through 128.13, and 140.1 through 140.1
Thunderbird versions prior to 142
Thunderbird ESR versions 128.13 through 128.13, 140.1 through 140.1
Description:
Memory safety bugs are present in the software. Some of these bugs showed evidence of memory corruption, and it is presumed that with sufficient effort, some of them could have been exploited to run arbitrary code.
Recommendations:
Update Firefox to version 142 or later.
Update Firefox ESR to version 115.27 or later.
Update Firefox ESR to version 128.14 or later.
Update Firefox ESR to version 140.2 or later.
Update Thunderbird to version 142 or later.
Update Thunderbird ESR to version 128.14 or later.
Update Thunderbird ESR to version 140.2 or later.
Fix
Access of Uninitialized Pointer
Buffer Overflow
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Firefox
Firefox ESR
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Thunderbird
Thunderbird ESR
Ubuntu