CVE-2025-1414 - Vulnerability Details

- Memory safety bugs fixed in Firefox 135.0.1

Description

Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135.0.1.

Published: 2025-02-18

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a memory safety issue in Firefox 135 that can lead to memory corruption; with sufficient effort, an attacker could potentially execute arbitrary code. This is a type of out‑of‑bounds write or buffer overflow (CWE-120 & CWE-787).

Affected Systems

Mozilla Firefox versions earlier than 135.0.1, specifically all builds of Firefox 135, are affected; later versions including 135.0.1 have the fix applied.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate risk; the EPSS score of less than 1% suggests low current exploitation probability; the vulnerability is not listed in KEV. Exploitation would require a malicious web page or content that triggers the memory corruption; no known public exploit yet. Given the moderate score and low probability, immediate patching is recommended to mitigate potential code execution risk.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Mozilla

Firefox

affected

Version	Status	Constraints
`135.0.1`	unaffected	≤ *

Configuration 1 [-]

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to Firefox 135.0.1 or later
Ensure all browser instances are updated to the latest available version
Discontinue use of older Firefox builds (pre‑135.0.1) in the environment

Generated by OpenCVE AI on April 20, 2026 at 18:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-4789	Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135.0.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00285.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1943179
https://nvd.nist.gov/vuln/detail/CVE-2025-1414
https://www.cve.org/CVERecord?id=CVE-2025-1414
https://www.mozilla.org/security/advisories/mfsa2025-12/

History

Mon, 13 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description	Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135.0.1.	Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135.0.1.
Title	firefox: Memory safety bugs fixed in Firefox 135.0.1	Memory safety bugs fixed in Firefox 135.0.1

Fri, 28 Mar 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla firefox
CPEs		cpe:2.3:a:mozilla:firefox::::::::
Vendors & Products		Mozilla Mozilla firefox

Wed, 19 Feb 2025 14:00:00 +0000

Type	Values Removed	Values Added
Title		firefox: Memory safety bugs fixed in Firefox 135.0.1
Weaknesses		CWE-120
References		https://nvd.nist.gov/vuln/detail/CVE-2025-1414 https://www.cve.org/CVERecord?id=CVE-2025-1414
Metrics	threat_severity `None`	threat_severity `Important`

Tue, 18 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-787
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 18 Feb 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description		Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135.0.1.
References		https://bugzilla.mozilla.org/show_bug.cgi?id=1943179 https://www.mozilla.org/security/advisories/mfsa2025-12/

Subscriptions

Mozilla Firefox

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2025-02-18T13:39:33.402Z

Updated: 2026-04-13T14:31:40.764Z

Reserved: 2025-02-18T13:19:50.261Z

Link: CVE-2025-1414

Vulnrichment

Updated: 2025-02-18T20:48:06.492Z

NVD

Status : Modified

Published: 2025-02-18T14:15:28.670

Modified: 2026-04-13T15:16:51.410

Link: CVE-2025-1414

Redhat

Severity : Important

Publid Date: 2025-02-18T13:39:33Z

Links: CVE-2025-1414 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T18:30:13Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object