PT-2025-37938 · Mozilla+10 · Thunderbird+13

Andrew Mccreight

·

Published

2025-01-01

·

Updated

2026-02-02

·

CVE-2025-10537

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 143 Firefox ESR versions prior to 140.3 Thunderbird versions prior to 143 Thunderbird ESR versions prior to 140.3
Description The software contains memory safety bugs, some of which demonstrate evidence of memory corruption. It is presumed that, with sufficient effort, these bugs could potentially be exploited to execute arbitrary code.
Recommendations Update Firefox to version 143 or later. Update Firefox ESR to version 140.3 or later. Update Thunderbird to version 143 or later. Update Thunderbird ESR to version 140.3 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALSA-2025:16108
ALSA-2025:16109
ALSA-2025:16156
ALSA-2025:16157
ALSA-2025:16260
ALSA-2025:16589
ALT-PU-2025-12559
ALT-PU-2025-12562
ALT-PU-2025-13161
ALT-PU-2025-14599
BDU:2025-11384
CESA-2025_16260
CESA-2025_16589
CVE-2025-10537
DLA-4305-1
DLA-4305-2
DLA-4311-1
DSA-6003-1
DSA-6003-2
DSA-6011-1
INFSA-2025_16108
INFSA-2025_16156
INFSA-2025_16260
INFSA-2025_16589
MGASA-2025-0246
MGASA-2025-0247
OESA-2025-2340
OESA-2025-2341
OESA-2025-2359
OESA-2025-2360
OESA-2025-2361
OESA-2025-2557
OPENSUSE-SU-2025:15555-1
OPENSUSE-SU-2025:15560-1
OPENSUSE-SU-2025:15565-1
OPENSUSE-SU-2025:20021-1
OPENSUSE-SU-2025:20065-1
RHSA-2025_16108
RHSA-2025_16156
RHSA-2025_16260
RHSA-2025_16589
SUSE-SU-2025:03291-1
SUSE-SU-2025:03309-1
SUSE-SU-2025:21021-1
SUSE-SU-2025_03291-1
USN-7991-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Firefox
Firefox Esr
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Thunderbird Esr
Ubuntu