PT-2025-3806 · Mozilla+9 · Thunderbird+10

Nils Bars

·

Published

2025-01-07

·

Updated

2026-02-02

·

CVE-2025-0240

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 134 Firefox ESR versions prior to 128.6 Thunderbird versions prior to 134 Thunderbird versions prior to 128.6
Description Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free.
Recommendations For Firefox versions prior to 134, update to version 134 or later. For Firefox ESR versions prior to 128.6, update to version 128.6 or later. For Thunderbird versions prior to 134, update to version 134 or later. For Thunderbird versions prior to 128.6, update to version 128.6 or later.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:0080
ALSA-2025:0144
ALT-PU-2025-1154
ALT-PU-2025-1681
ALT-PU-2025-1972
ALT-PU-2025-1984
ALT-PU-2025-2027
ALT-PU-2025-2230
BDU:2025-02401
CESA-2025_0144
CESA-2025_0281
CVE-2025-0240
DLA-4011-1
DLA-4012-1
DSA-5839-1
DSA-5841-1
INFSA-2025_0080
INFSA-2025_0144
MGASA-2025-0009
MGASA-2025-0010
OESA-2025-1049
OESA-2025-1050
OESA-2025-1835
OPENSUSE-SU-2025:14619-1
OPENSUSE-SU-2025:14630-1
OPENSUSE-SU-2025:14648-1
OPENSUSE-SU-2025_0059-1
OPENSUSE-SU-2025_0080-1
RHSA-2025:0080
RHSA-2025:0132
RHSA-2025:0133
RHSA-2025:0134
RHSA-2025:0135
RHSA-2025:0136
RHSA-2025:0137
RHSA-2025:0138
RHSA-2025:0144
RHSA-2025:0147
RHSA-2025:0162
RHSA-2025:0165
RHSA-2025:0166
RHSA-2025:0167
RHSA-2025:0275
RHSA-2025:0281
RHSA-2025:0284
RHSA-2025:0286
RHSA-2025:0287
RHSA-2025_0080
RHSA-2025_0144
RHSA-2025_0147
RHSA-2025_0281
RLSA-2025:0144
SUSE-SU-2025:0056-1
SUSE-SU-2025:0059-1
SUSE-SU-2025:0080-1
USN-7191-1
USN-7991-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Ubuntu