CVE-2025-1930

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 136 Firefox ESR versions prior to 115.21 Firefox ESR versions prior to 128.8

Description A compromised content process could trigger a use-after-free in the Browser process by sending bad StreamData over AudioIPC. This issue could have led to a sandbox escape.

Recommendations For Firefox versions prior to 136, update to version 136 or later. For Firefox ESR versions prior to 115.21, update to version 115.21 or later. For Firefox ESR versions prior to 128.8, update to version 128.8 or later.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025:2359

ALSA-2025:2452

ALT-PU-2025-3905

ALT-PU-2025-4001

ALT-PU-2025-4567

ALT-PU-2025-5829

ALT-PU-2025-7695

ALT-PU-2025-7697

BDU:2025-02599

CESA-2025_2452

CVE-2025-1930

INFSA-2025_2359

INFSA-2025_2452

OESA-2025-1835

OPENSUSE-SU-2025:14852-1

OPENSUSE-SU-2025:14853-1

OPENSUSE-SU-2025:14861-1

OPENSUSE-SU-2025_0788-1

OPENSUSE-SU-2025_0849-1

RHSA-2025:2359

RHSA-2025:2452

RHSA-2025:2479

RHSA-2025:2480

RHSA-2025:2481

RHSA-2025:2484

RHSA-2025:2485

RHSA-2025:2486

RHSA-2025:2699

RHSA-2025:2708

RHSA-2025_2359

RHSA-2025_2452

SUSE-SU-2025:0783-1

SUSE-SU-2025:0788-1

SUSE-SU-2025:0849-1

SUSE-SU-2025_0783-1

USN-7663-1

Affected Products

Alt Linux

Almalinux

Centos

Firefox

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2025-1930

Weakness Enumeration

Related Identifiers

Affected Products

References · 229