Description
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Published: 2025-03-04
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution via memory corruption
Action: Apply Patch
AI Analysis

Impact

Memory safety bugs were identified in Firefox 135 and Thunderbird 135, as well as in various ESR releases including Firefox ESR 115.20 and 128.7, and Thunderbird ESR 128.7. The flaws involve improper handling of memory, leading to corruption that could, with sufficient effort, enable an attacker to execute arbitrary code. The weaknesses are classified as CWE-120 (Buffer Copy without Length Checks) and CWE-1260 (Uncontrolled Buffer Size). The impact is the potential compromise of the host system through remote code execution.

Affected Systems

The affected products are Mozilla Firefox and Mozilla Thunderbird. Vulnerable versions include Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird ESR 128.7. These products can run on Windows, macOS, Linux, and specifically on Red Hat Enterprise Linux 8 and 9 distributions (including RHEL AUS, E4S, EU S, TUS, and EL S variants) where the pre‑fixed versions are installed. Any installation running one of these pre‑fixed versions, regardless of the operating system, is at risk.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity. EPSS is reported as <1%, suggesting a low current exploitation probability, but the memory corruption nature still allows the possibility of remote code execution through privileged browser actions. The vulnerability is not listed in the CISA KEV catalog. Attackers are likely to target the vulnerability via malicious web content or compromised local applications that can trigger the memory defects, though the specific attack vector is not explicitly stated in the available description and is inferred to be remote.

Generated by OpenCVE AI on April 20, 2026 at 23:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update all affected Mozilla Firefox and Thunderbird installations to the patched releases (Firefox 136 or ESR 115.21/128.8, Thunderbird 136 or ESR 128.8), including those running on Red Hat Enterprise Linux 8 and 9.
  • On Red Hat Enterprise Linux systems, enable the appropriate security channels or repositories to receive the updated Firefox and Thunderbird packages automatically.
  • If an upgrade cannot be performed immediately, apply application-level sandboxing and restrict browsing to safe domains, disabling any features that can trigger the memory bugs until a patch is available.

Generated by OpenCVE AI on April 20, 2026 at 23:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4078-1 firefox-esr security update
Debian DLA Debian DLA DLA-4081-1 thunderbird security update
Debian DSA Debian DSA DSA-5874-1 firefox-esr security update
Debian DSA Debian DSA DSA-5876-1 thunderbird security update
EUVD EUVD EUVD-2025-6082 Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Ubuntu USN Ubuntu USN USN-7334-1 Firefox vulnerabilities
Ubuntu USN Ubuntu USN USN-7663-1 Thunderbird vulnerabilities
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Title firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Thu, 03 Apr 2025 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird

Fri, 14 Mar 2025 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/a:redhat:rhel_aus:8.2
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els

Wed, 12 Mar 2025 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1260
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Tue, 11 Mar 2025 02:30:00 +0000

Type Values Removed Values Added
References

Mon, 10 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus

Fri, 07 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Thu, 06 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Wed, 05 Mar 2025 03:00:00 +0000

Type Values Removed Values Added
Title firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
Weaknesses CWE-120
References
Metrics threat_severity

None

 cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

threat_severity

Important

Wed, 05 Mar 2025 00:00:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8. Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
References

Tue, 04 Mar 2025 13:45:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, and Firefox ESR < 128.8.
References

Subscriptions

Mozilla Firefox Thunderbird
Redhat Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:27:45.714Z

Reserved: 2025-03-04T12:29:43.137Z

Link: CVE-2025-1937

cve-icon Vulnrichment

Updated: 2025-11-03T20:57:23.954Z

cve-icon NVD

Status : Modified

Published: 2025-03-04T14:15:38.610

Modified: 2026-04-13T15:16:53.020

Link: CVE-2025-1937

cve-icon Redhat

Severity : Important

Publid Date: 2025-03-04T13:31:26Z

Links: CVE-2025-1937 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T23:45:21Z

Weaknesses