Description
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134 and Thunderbird 134.
Published: 2025-01-07
Score: 9.8 Critical
EPSS: 15.4% Moderate
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Memory safety bugs in Mozilla Firefox 133 and Thunderbird 133 can corrupt memory; if exploited, an attacker could achieve arbitrary code execution. The vulnerability is reported as a memory corruption issue that could be used to run code with the privileges of the application. The impact is therefore a critical compromise of confidentiality, integrity, and availability for affected users.

Affected Systems

The affected products are Mozilla Firefox version 133 and Mozilla Thunderbird version 133. Both applications were patched in the subsequent 134 releases, and no other versions are reported to be affected.

Risk and Exploitability

The CVSS score of 9.8 indicates a high severity, and an EPSS score of 15% suggests a non-negligible likelihood of exploitation. The vulnerability is not listed in CISA's KEV catalog, but the high CVSS, the evidence of memory corruption, and the potential for remote code execution make this a serious risk. Attackers would likely need to supply malicious content, such as a web page or email attachment, to trigger the bug; the exact vector is not specified in the advisory, so the risk applies to users who render or open untrusted content.

Generated by OpenCVE AI on April 20, 2026 at 18:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Mozilla Firefox to version 134 or later
  • Update Mozilla Thunderbird to version 134 or later
  • Monitor Mozilla security advisories for additional patches or guidance

Generated by OpenCVE AI on April 20, 2026 at 18:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-1579 Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134.
Ubuntu USN Ubuntu USN USN-7191-1 Firefox vulnerabilities
Ubuntu USN Ubuntu USN USN-7991-1 Thunderbird vulnerabilities
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134. Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134 and Thunderbird 134.
Title firefox: thunderbird: Memory safety bugs fixed in Firefox 134 and Thunderbird 134 Memory safety bugs fixed in Firefox 134 and Thunderbird 134

Thu, 03 Apr 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
Weaknesses CWE-787
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird

Tue, 14 Jan 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Thu, 09 Jan 2025 14:00:00 +0000

Type Values Removed Values Added
Title firefox: thunderbird: Memory safety bugs fixed in Firefox 134 and Thunderbird 134
Weaknesses CWE-120
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 09 Jan 2025 08:45:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134. Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134.
References

Wed, 08 Jan 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 07 Jan 2025 16:15:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134.
References

Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:30:12.596Z

Reserved: 2025-01-06T14:49:19.275Z

Link: CVE-2025-0247

cve-icon Vulnrichment

Updated: 2025-01-08T14:55:27.965Z

cve-icon NVD

Status : Modified

Published: 2025-01-07T16:15:39.357

Modified: 2026-04-13T15:16:35.177

Link: CVE-2025-0247

cve-icon Redhat

Severity : Important

Publid Date: 2025-01-07T16:07:07Z

Links: CVE-2025-0247 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T18:45:14Z

Weaknesses