CVE-2025-0238 | THREATINT

Description

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird < 128.6.

PUBLISHED Reserved 2025-01-06 | Published 2025-01-07 | Updated 2025-11-03 | Assigner mozilla

Problem types

Use-after-free when breaking lines in text

Product status

Any version before 134

affected

Any version before 128.6

affected

Any version before 115.19

affected

Any version before 134

affected

Any version before 128.6

affected

Credits

Irvan Kurniawan

References

lists.debian.org/debian-lts-announce/2025/01/msg00004.html

bugzilla.mozilla.org/show_bug.cgi?id=1915535

www.mozilla.org/security/advisories/mfsa2025-01/

www.mozilla.org/security/advisories/mfsa2025-02/

www.mozilla.org/security/advisories/mfsa2025-03/

www.mozilla.org/security/advisories/mfsa2025-04/

www.mozilla.org/security/advisories/mfsa2025-05/

cve.org (CVE-2025-0238)

nvd.nist.gov (CVE-2025-0238)

Download JSON

help @ threatint.eu