CVE-2025-1930 - Vulnerability Details

- AudioIPC StreamData could trigger a use-after-free in the Browser process

Description

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Published: 2025-03-04

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A malformed StreamData sent over AudioIPC from a content process can trigger a use‑after‑free in the Browser process on Windows, which could allow an attacker to escape the browser sandbox and execute code with the Browser’s elevated privileges. The primary impact is a sandbox escape, and the underlying weakness is a use‑after‑free (CWE‑416).

Affected Systems

Mozilla Firefox and Thunderbird running on Windows are affected. The vulnerability is present in all versions before Firefox 136 (or Firefox ESR 115.21/128.8) and before Thunderbird 136 (or Thunderbird ESR 128.8). Upgrading to those patched releases removes the flaw.

Risk and Exploitability

With a CVSS score of 8.8 the issue is classified as high severity, while the EPSS score of less than 1% indicates a low probability of exploitation at the time of this analysis. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is a Windows system where a content process can read audio data, such as a web page or a local file, and inject crafted StreamData that triggers the use‑after‑free in the Browser process.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Mozilla

Firefox

affected

Version	Status	Constraints
`115.21`	unaffected	≤ 115.*
`128.8`	unaffected	≤ 128.*
`136`	unaffected	≤ *

Mozilla

Thunderbird

affected

Version	Status	Constraints
`128.8`	unaffected	≤ 128.*
`136`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:::::esr:::*
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox:::::esr:::*
	cpe:2.3:a:mozilla:thunderbird:::::-:::*
	cpe:2.3:a:mozilla:thunderbird:::::-:::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7 Extended Lifecycle Support
firefox-0:128.8.0-1.el7_9	cpe:/o:redhat:rhel_els:7	RHSA-2025:2699	2025-03-13T00:00:00Z
Red Hat Enterprise Linux 8
firefox-0:128.8.0-1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:2452	2025-03-06T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
firefox-0:128.8.0-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:2708	2025-03-13T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
firefox-0:128.8.0-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:2484	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
firefox-0:128.8.0-1.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:2484	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
firefox-0:128.8.0-1.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:2484	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
firefox-0:128.8.0-1.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:2485	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
firefox-0:128.8.0-1.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:2485	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
firefox-0:128.8.0-1.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:2485	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
firefox-0:128.8.0-1.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:2486	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 9
firefox-0:128.8.0-1.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:2359	2025-03-05T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
firefox-0:128.8.0-1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:2481	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
firefox-0:128.8.0-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:2480	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
firefox-0:128.8.0-1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:2479	2025-03-10T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Firefox to version 136 or newer, or to Firefox ESR 115.21 or 128.8.
Upgrade Thunderbird to version 136 or newer, or to Thunderbird ESR 128.8.
If an upgrade cannot be performed immediately, configure the browser to restrict or disable audio stream processing from untrusted content to prevent the use‑after‑free trigger.

Generated by OpenCVE AI on April 20, 2026 at 23:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-6182	On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Ubuntu USN	USN-7663-1	Thunderbird vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00352.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1902309
https://nvd.nist.gov/vuln/detail/CVE-2025-1930
https://www.cve.org/CVERecord?id=CVE-2025-1930
https://www.mozilla.org/security/advisories/mfsa2025-14/
https://www.mozilla.org/security/advisories/mfsa2025-15/
https://www.mozilla.org/security/advisories/mfsa2025-16/
https://www.mozilla.org/security/advisories/mfsa2025-17/
https://www.mozilla.org/security/advisories/mfsa2025-18/

History

Mon, 13 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description	On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.	On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Title	firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process	AudioIPC StreamData could trigger a use-after-free in the Browser process

Fri, 04 Apr 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla firefox Mozilla thunderbird
CPEs		cpe:2.3:a:mozilla:firefox:::::::: cpe:2.3:a:mozilla:firefox:::::esr:::* cpe:2.3:a:mozilla:thunderbird:::::-:::*
Vendors & Products		Mozilla Mozilla firefox Mozilla thunderbird

Fri, 14 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs		cpe:/a:redhat:rhel_aus:8.2 cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Els

Mon, 10 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.4 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6
Vendors & Products		Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus

Fri, 07 Mar 2025 02:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8

Thu, 06 Mar 2025 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Wed, 05 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Wed, 05 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
Title		firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process
Weaknesses		CWE-416
References		https://nvd.nist.gov/vuln/detail/CVE-2025-1930 https://www.cve.org/CVERecord?id=CVE-2025-1930
Metrics	threat_severity `None`	cvssV3_1 `{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H'}` threat_severity `Important`

Wed, 05 Mar 2025 00:00:00 +0000

Type	Values Removed	Values Added
Description	On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8.	On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
References		https://www.mozilla.org/security/advisories/mfsa2025-17/ https://www.mozilla.org/security/advisories/mfsa2025-18/

Tue, 04 Mar 2025 13:45:00 +0000

Type	Values Removed	Values Added
Description		On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8.
References		https://bugzilla.mozilla.org/show_bug.cgi?id=1902309 https://www.mozilla.org/security/advisories/mfsa2025-14/ https://www.mozilla.org/security/advisories/mfsa2025-15/ https://www.mozilla.org/security/advisories/mfsa2025-16/

Subscriptions

Mozilla Firefox Thunderbird

Redhat Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2025-03-04T13:31:22.418Z

Updated: 2026-04-13T14:27:31.484Z

Reserved: 2025-03-04T12:29:23.496Z

Link: CVE-2025-1930

Vulnrichment

Updated: 2025-03-05T16:42:49.571Z

NVD

Status : Modified

Published: 2025-03-04T14:15:37.850

Modified: 2026-04-13T15:16:51.590

Link: CVE-2025-1930

Redhat

Severity : Important

Publid Date: 2025-03-04T13:31:22Z

Links: CVE-2025-1930 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T23:45:21Z

Weaknesses

CWE-416

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object