PT-2025-41896 · Mozilla+9 · Thunderbird+11

Irvan Kurniawan

·

Published

2025-10-14

·

Updated

2026-04-15

·

CVE-2025-11708

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 144 Firefox ESR versions prior to 140.4 Thunderbird versions prior to 144 Thunderbird versions prior to 140.4
Description A use-after-free issue exists in the MediaTrackGraphImpl::GetInstance() function. This can occur due to improper memory management within the function.
Recommendations Update Firefox to version 144 or later. Update Firefox ESR to version 140.4 or later. Update Thunderbird to version 144 or later. Update Thunderbird to version 140.4 or later.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:18154
ALSA-2025:18155
ALSA-2025:18285
ALSA-2025:18320
ALSA-2025:18321
ALSA-2025:18983
ALT-PU-2025-13161
ALT-PU-2025-13476
ALT-PU-2025-13478
ALT-PU-2025-14599
BDU:2025-13289
CESA-2025_18285
CESA-2025_18983
CVE-2025-11708
DLA-4335-1
DLA-4351-1
DSA-6025-1
DSA-6040-1
INFSA-2025_18155
INFSA-2025_18285
INFSA-2025_18321
INFSA-2025_18983
MGASA-2025-0246
MGASA-2025-0247
OESA-2025-2476
OESA-2025-2477
OESA-2025-2478
OESA-2025-2519
OESA-2025-2557
OESA-2025-2596
OPENSUSE-SU-2025:15632-1
OPENSUSE-SU-2025:15645-1
OPENSUSE-SU-2025:15646-1
OPENSUSE-SU-2025:20026-1
OPENSUSE-SU-2025:20065-1
RHSA-2025:18154
RHSA-2025:18155
RHSA-2025:18285
RHSA-2025:18320
RHSA-2025:18321
RHSA-2025:18983
RHSA-2025:19278
RHSA-2025:19938
RHSA-2025:19939
RHSA-2025:19941
RHSA-2025:19942
RHSA-2025:19943
RHSA-2025:19944
RHSA-2025:19945
RHSA-2025:21054
RHSA-2025:21055
RHSA-2025:21056
RHSA-2025:21057
RHSA-2025:21058
RHSA-2025:21059
RHSA-2025:21064
RHSA-2025_18155
RHSA-2025_18285
RHSA-2025_18321
RHSA-2025_18983
SUSE-SU-2025:21021-1
SUSE-SU-2025:3775-1
SUSE-SU-2025:3808-1
SUSE-SU-2025:4006-1
SUSE-SU-2025:4173-1
SUSE-SU-2025:4174-1
SUSE-SU-2025_4173-1
SUSE-SU-2025_4174-1
USN-7991-1

Affected Products

Alt Linux
Almalinux
Centos
Debian
Firefox
Firefox Esr
Linuxmint
Red Hat
Rocky Linux
Suse
Thunderbird
Ubuntu