Description
It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Published: 2025-03-04
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Application crash with potential for arbitrary code execution
Action: Update immediately
AI Analysis

Impact

The vulnerability is a Use‑After‑Free in the content process side of a WebTransport connection within Mozilla Firefox and Thunderbird. It occurs when a WebTransport object is freed yet later accessed, leading to a crash. The description indicates that the crash is potentially exploitable, meaning that under certain memory conditions an attacker could trigger the bug to execute arbitrary code on the system. This memory corruption flaw is classified as CWE‑416.

Affected Systems

Mozilla Firefox versions 136 and all earlier releases, including Extended Support Release 115.21 and 128.8, are vulnerable. Mozilla Thunderbird versions 136 and all earlier releases, including ESR 115.21 and 128.8, are also affected. Additionally, older, bundled Mozilla binaries found on Red Hat Enterprise Linux 8, 9 and other Red Hat derivatives are impacted by these vulnerable versions.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation at present. The vulnerability is not listed in CISA KEV. Based on the description, it is inferred that an attacker could trigger the flaw by loading malicious content that initiates a WebTransport connection, potentially from a remote web page. The risk is therefore a high‑severity crash with the possibility of remote code execution under the right conditions.

Generated by OpenCVE AI on April 20, 2026 at 23:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Firefox to version 136 or later, or to ESR 115.21/128.8 or later
  • Upgrade Thunderbird to version 136 or later, or to ESR 115.21/128.8 or later
  • On Red Hat Enterprise Linux systems, update the package that contains Thunderbird or Firefox to the latest version that includes the patch

Generated by OpenCVE AI on April 20, 2026 at 23:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4078-1 firefox-esr security update
Debian DLA Debian DLA DLA-4081-1 thunderbird security update
Debian DSA Debian DSA DSA-5874-1 firefox-esr security update
Debian DSA Debian DSA DSA-5876-1 thunderbird security update
EUVD EUVD EUVD-2025-7436 It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Ubuntu USN Ubuntu USN USN-7334-1 Firefox vulnerabilities
Ubuntu USN Ubuntu USN USN-7663-1 Thunderbird vulnerabilities
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Title firefox: Use-after-free in WebTransportChild Use-after-free in WebTransportChild

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Thu, 03 Apr 2025 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird

Wed, 26 Mar 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Fri, 14 Mar 2025 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/a:redhat:rhel_aus:8.2
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els

Mon, 10 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus

Fri, 07 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Thu, 06 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Wed, 05 Mar 2025 03:00:00 +0000

Type Values Removed Values Added
Title firefox: Use-after-free in WebTransportChild
Weaknesses CWE-416
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'}

threat_severity

Important

Wed, 05 Mar 2025 00:00:00 +0000

Type Values Removed Values Added
Description It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8. It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
References

Tue, 04 Mar 2025 13:45:00 +0000

Type Values Removed Values Added
Description It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8.
References

Subscriptions

Mozilla Firefox Thunderbird
Redhat Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:27:33.349Z

Reserved: 2025-03-04T12:29:26.311Z

Link: CVE-2025-1931

cve-icon Vulnrichment

Updated: 2025-11-03T20:57:15.155Z

cve-icon NVD

Status : Modified

Published: 2025-03-04T14:15:37.963

Modified: 2026-04-13T15:16:51.800

Link: CVE-2025-1931

cve-icon Redhat

Severity : Important

Publid Date: 2025-03-04T13:31:23Z

Links: CVE-2025-1931 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T23:45:21Z

Weaknesses