Description
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Published: 2025-03-04
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Memory safety bugs were found in Firefox 135, Firefox ESR 128.7, Thunderbird 135 and Thunderbird 128.7. The advisory does not describe the individual bugs; it is the usual Mozilla roll-up of memory safety fixes for a release, classified here as CWE-120 (classic buffer overflow) and CWE-787 (out-of-bounds write). Some of the bugs showed evidence of memory corruption, and Mozilla presumes that with enough effort some could have been exploited to run arbitrary code in the browser or mail client when it processes attacker-supplied content, so the practical impact is treated as remote code execution.

Affected Systems

Mozilla Firefox 135, Firefox ESR 128.7, Thunderbird 135 and Thunderbird 128.7 are vulnerable; the fixed releases are Firefox 136, Firefox ESR 128.8, Thunderbird 136 and Thunderbird 128.8. Red Hat lists Enterprise Linux 7 (ELS), 8 and 9, including the AUS, E4S, EUS and TUS streams, in its CPE entries because those distributions ship the affected packages, and Debian (DLA-4078-1, DLA-4081-1, DSA-5874-1, DSA-5876-1) and Ubuntu (USN-7663-1) have published their own advisories. Any installation of the unpatched versions on those platforms is at risk.

Risk and Exploitability

The NVD CVSS 3.1 score is 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N), i.e. moderate, but note that this vector rates confidentiality and integrity impact as low, which understates a bug class Mozilla itself says may allow arbitrary code execution; Red Hat rates the issue Important, and the SSVC assessment on record was later revised from 'partial' to 'total' technical impact (and from Automatable 'yes' to 'no'). The EPSS score below 1% suggests exploitation is unlikely at present, and there is no CISA KEV entry, so no active exploitation is known. The likely attack vector is attacker-controlled content rendered by the client: a crafted web page in Firefox, or a crafted message or attachment in Thunderbird. Because the advisory gives no trigger details, an attacker would first have to identify the fixed code paths (for example by comparing the 135/136 or 128.7/128.8 source) and craft input that reaches them, so exploitation is effort-dependent rather than turnkey.

Generated by OpenCVE AI on April 20, 2026 at 18:21 UTC.

Remediation

Vendor fix available: Mozilla has released Firefox 136, Firefox ESR 128.8, Thunderbird 136 and Thunderbird 128.8 with these bugs fixed. No workaround is provided; updating is the only remediation.

OpenCVE Recommended Actions

  • Install the fixed releases: Mozilla Firefox 136, Firefox ESR 128.8, Thunderbird 136 or Thunderbird 128.8, as appropriate. On Debian, Ubuntu and Red Hat hosts take the packaged update named in the distribution advisory rather than a vendor binary, so the package manager can track it.
  • If an immediate update is not feasible, reduce exposure until it is: keep the affected client from browsing untrusted sites (for example with an enterprise policy allow-list), and in Thunderbird leave remote content blocked and do not open attachments from unknown senders. These measures limit, but do not remove, the attack surface.
  • Keep the operating system and other installed software at the latest patched state, and monitor Mozilla security advisories for additional updates.
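One way to check whether the installed builds still predate the fixed versions named above, as an added example that is not OpenCVE's or Mozilla's own tooling: it compares the version printed by each client against the first fixed release on the same channel. It assumes `firefox --version` prints "Mozilla Firefox <ver>" and `thunderbird --version` prints "Thunderbird <ver>", with ESR builds carrying an `esr` suffix on the version (e.g. 128.7.0esr); the binary names `firefox`, `firefox-esr` and `thunderbird` and the sample strings are assumptions too.

```shell
#!/bin/sh
# Added example (not OpenCVE's or Mozilla's own tooling): flag installed
# Firefox/Thunderbird builds that predate the CVE-2025-1938 fixes. The fixed
# versions are the advisory's: Firefox 136 / Thunderbird 136 on the release
# channel, Firefox ESR 128.8 / Thunderbird 128.8 on the ESR channel.
#
# Assumptions: `firefox --version` prints "Mozilla Firefox <ver>" and
# `thunderbird --version` prints "Thunderbird <ver>", with ESR builds carrying
# an "esr" suffix on <ver> (e.g. 128.7.0esr). The binary names in scan() are
# assumptions too; adjust them for your distribution.

# fixed_version <installed-version>: print the first fixed version on the same
# channel. Both products were fixed at the same numbers, so only the channel
# (ESR or release) matters.
fixed_version() {
    case "$1" in
        *esr) echo "128.8.0" ;;
        *)    echo "136.0" ;;
    esac
}

# version_lt <a> <b>: exit 0 if a < b, comparing dotted components
# numerically (128.7.0 < 128.8, but 136.0.1 is not < 136.0). Any "esr"
# suffix is stripped first; missing components count as 0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/esr$/, "", a); sub(/esr$/, "", b)
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xa = (i <= na) ? x[i] + 0 : 0
            yb = (i <= nb) ? y[i] + 0 : 0
            if (xa < yb) exit 0
            if (xa > yb) exit 1
        }
        exit 1
    }'
}

# is_vulnerable "<--version output>": exit 0 if the build is older than the
# fixed version on its channel, 1 if not, 2 if the string is unusable. An
# empty or non-numeric version must be reported as neither safe nor affected.
is_vulnerable() {
    [ -n "$1" ] || return 2
    version=${1##* }                       # last word, e.g. 128.7.0esr
    case "$version" in [0-9]*) ;; *) return 2 ;; esac
    version_lt "$version" "$(fixed_version "$version")"
}

# report "<--version output>": print a one-line verdict; always exits 0 so it
# is safe under `set -e`.
report() {
    product=${1% *}                        # "Mozilla Firefox" / "Thunderbird"
    version=${1##* }
    fixed=$(fixed_version "$version")
    rc=0
    is_vulnerable "$1" || rc=$?
    case "$rc" in
        0) printf '%s %s: VULNERABLE to CVE-2025-1938 (fixed in %s)\n' \
               "$product" "$version" "$fixed" ;;
        1) printf '%s %s: not affected (fixed in %s)\n' \
               "$product" "$version" "$fixed" ;;
        *) printf 'unparseable version string: "%s"\n' "$1" ;;
    esac
    return 0
}

# count_vulnerable "<--version output>"...: print how many of the given
# strings describe a vulnerable build.
count_vulnerable() {
    n=0
    for v in "$@"; do
        if is_vulnerable "$v"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# scan: report on whichever of the usual binaries exist on this host.
scan() {
    for bin in firefox firefox-esr thunderbird; do
        command -v "$bin" >/dev/null 2>&1 || continue
        report "$("$bin" --version 2>/dev/null)"
    done
}

# Constructed sample strings (not real host output) showing each verdict,
# then whatever is actually installed here.
for s in "Mozilla Firefox 135.0.1" "Mozilla Firefox 128.7.0esr" \
         "Thunderbird 128.7.0esr" "Mozilla Firefox 136.0" \
         "Thunderbird 128.8.0esr" ""; do
    report "$s"
done
scan
```

The channel check matters: a Firefox ESR 128.8.0esr build is patched even though 128 is numerically far below 136, and a release-channel 135.x build is vulnerable even though it is newer than any ESR. Treating the advisory's four version numbers as one threshold gets both cases wrong.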

Advisories
Source      ID              Title
Debian DLA  DLA-4078-1      firefox-esr security update
Debian DLA  DLA-4081-1      thunderbird security update
Debian DSA  DSA-5874-1      firefox-esr security update
Debian DSA  DSA-5876-1      thunderbird security update
EUVD        EUVD-2025-6084  Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
Ubuntu USN  USN-7663-1      Thunderbird vulnerabilities
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description  Removed: Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
             Added:   Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Title        Removed: firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8
             Added:   Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8

Thu, 26 Feb 2026 23:15:00 +0000

Type Values Removed Values Added
Metrics      ssvc
             Removed: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
             Added:   {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Thu, 03 Apr 2025 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird

Fri, 14 Mar 2025 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/a:redhat:rhel_aus:8.2
cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els

Mon, 10 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_eus:8.8
cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.4
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Eus
Redhat rhel Tus

Fri, 07 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Thu, 06 Mar 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Wed, 05 Mar 2025 03:00:00 +0000

Type Values Removed Values Added
Title firefox: thunderbird: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8
Weaknesses CWE-120
References
Metrics      threat_severity
             Removed: None
             Added:   Important

Wed, 05 Mar 2025 00:00:00 +0000

Type Values Removed Values Added
Description  Removed: Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8.
             Added:   Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
References

Tue, 04 Mar 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics      cvssV3_1
             Added: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}
             ssvc
             Added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 04 Mar 2025 13:45:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136 and Firefox ESR < 128.8.
References

MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:27:47.492Z

Reserved: 2025-03-04T12:29:43.643Z

Link: CVE-2025-1938

Vulnrichment

Updated: 2025-11-03T20:57:25.349Z

NVD

Status : Modified

Published: 2025-03-04T14:15:38.730

Modified: 2026-04-13T15:16:53.227

Link: CVE-2025-1938

Redhat

Severity : Important

Public Date: 2025-03-04T13:31:27Z

Links: CVE-2025-1938 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T18:30:13Z

Weaknesses