Description
It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Published: 2025-03-04
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unintended garbage collection during RegExp bailout may lead to memory corruption or denial of service
Action: Patch
AI Analysis

Impact

The vulnerability allows an attacker to interrupt the JavaScript RegExp bailout process and run additional script code, which can inadvertently trigger garbage collection when the engine is not expecting it. This unexpected GC can lead to memory corruption or cause the browser or mail client to crash, effectively resulting in a denial of service. The weakness is enumerated as a logic or design error (CWE‑460).

Affected Systems

Mozilla Firefox versions earlier than 136 and the ESR 128.8 release, as well as Mozilla Thunderbird versions earlier than 136 and the ESR 128.8 release, are affected. Systems that ship these browsers may be impacted if the vulnerable JavaScript engine is present. Based on the provided CPE data, systems running Red Hat Enterprise Linux 8 or 9 that include the affected Firefox or Thunderbird installations may also be impacted; this inference is derived from the CPEs.

Risk and Exploitability

The CVSS base score of 6.5 denotes medium severity. EPSS <1% indicates a low likelihood of widespread exploitation. The vulnerability is not listed in CISA KEV, suggesting no confirmed public exploits. The likely attack vector is via malicious web pages or email attachments that load JavaScript containing a RegExp pattern designed to interrupt the bailout, causing unexpected garbage collection and a potential denial of service. Exploitation requires only a vulnerable JavaScript engine and delivery of the crafted script; no special privileges are needed.

Generated by OpenCVE AI on April 20, 2026 at 23:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 136 or the ESR 128.8 release, or later.
  • Upgrade Mozilla Thunderbird to version 136 or the ESR 128.8 release, or later.
  • If an upgrade cannot be performed immediately, reduce the execution of arbitrary JavaScript in the affected environment by applying Content Security Policy or similar restrictions to limit scripts that can run RegExp patterns.
  • Monitor affected systems for memory‑related crashes or abnormal garbage collection activity after applying the update or mitigation.

Generated by OpenCVE AI on April 20, 2026 at 23:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4078-1 firefox-esr security update
Debian DLA Debian DLA DLA-4081-1 thunderbird security update
Debian DSA Debian DSA DSA-5874-1 firefox-esr security update
Debian DSA Debian DSA DSA-5876-1 thunderbird security update
EUVD EUVD EUVD-2025-7439 It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Ubuntu USN Ubuntu USN USN-7334-1 Firefox vulnerabilities
Ubuntu USN Ubuntu USN USN-7663-1 Thunderbird vulnerabilities
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Title firefox: Unexpected GC during RegExp bailout processing Unexpected GC during RegExp bailout processing

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Thu, 03 Apr 2025 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird

Fri, 14 Mar 2025 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/a:redhat:rhel_aus:8.2
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els

Wed, 12 Mar 2025 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-185
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Mon, 10 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus

Fri, 07 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Thu, 06 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Wed, 05 Mar 2025 03:00:00 +0000

Type Values Removed Values Added
Title firefox: Unexpected GC during RegExp bailout processing
Weaknesses CWE-460
References
Metrics threat_severity

None

 threat_severity

Moderate

Wed, 05 Mar 2025 00:00:00 +0000

Type Values Removed Values Added
Description It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8. It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
References

Tue, 04 Mar 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-185
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 04 Mar 2025 13:45:00 +0000

Type Values Removed Values Added
Description It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8.
References

Subscriptions

Mozilla Firefox Thunderbird
Redhat Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:27:40.069Z

Reserved: 2025-03-04T12:29:35.333Z

Link: CVE-2025-1934

cve-icon Vulnrichment

Updated: 2025-11-03T20:57:19.643Z

cve-icon NVD

Status : Modified

Published: 2025-03-04T14:15:38.273

Modified: 2026-04-13T15:16:52.437

Link: CVE-2025-1934

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-03-04T13:31:24Z

Links: CVE-2025-1934 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T23:45:21Z

Weaknesses