Home

Description

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.

PUBLISHED Reserved 2025-08-19 | Published 2025-08-19 | Updated 2025-08-20 | Assigner mozilla

Problem types

Sandbox escape due to invalid pointer in the Audio/Video: GMP component

Product status

Any version before 142
affected

Any version before 115.27
affected

Any version before 128.14
affected

Any version before 140.2
affected

Any version before 142
affected

Any version before 128.14
affected

Any version before 140.2
affected

Credits

Oskar

References

bugzilla.mozilla.org/show_bug.cgi?id=1979527

www.mozilla.org/security/advisories/mfsa2025-64/

www.mozilla.org/security/advisories/mfsa2025-65/

www.mozilla.org/security/advisories/mfsa2025-66/

www.mozilla.org/security/advisories/mfsa2025-67/

www.mozilla.org/security/advisories/mfsa2025-70/

www.mozilla.org/security/advisories/mfsa2025-71/

www.mozilla.org/security/advisories/mfsa2025-72/

cve.org (CVE-2025-9179)

nvd.nist.gov (CVE-2025-9179)

Download JSON