CVE-2025-6424 - Vulnerability Details

- Use-after-free in FontFaceSet

Description

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

Published: 2025-06-24

Score: 9.8 Critical

EPSS: 1.1% Low

KEV: No

Impact:

Action:

Analysis

Impact

A use‑after‑free flaw exists in the FontFaceSet handling code. The flaw can cause a malformed memory access that leads to a browser crash, which may be exploited to cause a denial of service. The vulnerability is categorized as CWE‑416, a memory corruption weakness.

Affected Systems

The bug affects Mozilla Firefox and Thunderbird across their main releases and ESR branches. The advisory lists fixes in Firefox 140, Firefox ESR 115.25, and Firefox ESR 128.12, as well as in Thunderbird 140 and Thunderbird 128.12. All earlier versions are vulnerable.

Risk and Exploitability

The CVSS score of 9.8 signals a high‑severity flaw. The EPSS score of 1 % reflects a low, but non‑negligible, likelihood of exploitation. The advisory does not state whether this vulnerability is remotely exploitable; therefore the attack vector remains unspecified. The flaw is not listed in CISA’s KEV catalog, so no widespread exploits are currently known.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Mozilla

Firefox

affected

Version	Status	Constraints
`115.25`	unaffected	≤ 115.*
`128.12`	unaffected	≤ 128.*
`140`	unaffected	≤ *

Mozilla

Thunderbird

affected

Version	Status	Constraints
`128.12`	unaffected	≤ 128.*
`140`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox:::::esr:::*
	cpe:2.3:a:mozilla:firefox:::::-:::*
	cpe:2.3:a:mozilla:firefox:::::esr:::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 10
firefox-0:128.12.0-1.el10_0	cpe:/o:redhat:enterprise_linux:10.0	RHSA-2025:10073	2025-07-01T00:00:00Z
thunderbird-0:128.12.0-1.el10_0	cpe:/o:redhat:enterprise_linux:10.0	RHSA-2025:10195	2025-07-02T00:00:00Z
Red Hat Enterprise Linux 7 Extended Lifecycle Support
firefox-0:128.12.0-1.el7_9	cpe:/o:redhat:rhel_els:7	RHSA-2025:10181	2025-07-02T00:00:00Z
Red Hat Enterprise Linux 8
firefox-0:128.12.0-1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:10074	2025-07-01T00:00:00Z
thunderbird-0:128.12.0-1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:10246	2025-07-02T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
thunderbird-0:128.12.0-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:10166	2025-07-01T00:00:00Z
firefox-0:128.12.0-1.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:10182	2025-07-02T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
thunderbird-0:128.12.0-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:10165	2025-07-01T00:00:00Z
firefox-0:128.12.0-1.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:10184	2025-07-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
thunderbird-0:128.12.0-1.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:10164	2025-07-01T00:00:00Z
firefox-0:128.12.0-1.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:10183	2025-07-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
thunderbird-0:128.12.0-1.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:10164	2025-07-01T00:00:00Z
firefox-0:128.12.0-1.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:10183	2025-07-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
thunderbird-0:128.12.0-1.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:10164	2025-07-01T00:00:00Z
firefox-0:128.12.0-1.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:10183	2025-07-02T00:00:00Z
Red Hat Enterprise Linux 8.8 Telecommunications Update Service
thunderbird-0:128.12.0-1.el8_8	cpe:/a:redhat:rhel_tus:8.8	RHSA-2025:10163	2025-07-01T00:00:00Z
firefox-0:128.12.0-1.el8_8	cpe:/a:redhat:rhel_tus:8.8	RHSA-2025:10186	2025-07-02T00:00:00Z
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
thunderbird-0:128.12.0-1.el8_8	cpe:/a:redhat:rhel_e4s:8.8	RHSA-2025:10163	2025-07-01T00:00:00Z
firefox-0:128.12.0-1.el8_8	cpe:/a:redhat:rhel_e4s:8.8	RHSA-2025:10186	2025-07-02T00:00:00Z
Red Hat Enterprise Linux 9
firefox-0:128.12.0-1.el9_6	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:10072	2025-07-01T00:00:00Z
thunderbird-0:128.12.0-1.el9_6	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:10196	2025-07-02T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
thunderbird-0:128.12.0-1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:10161	2025-07-01T00:00:00Z
firefox-0:128.12.0-1.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:10187	2025-07-02T00:00:00Z
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions
thunderbird-0:128.12.0-1.el9_2	cpe:/a:redhat:rhel_e4s:9.2	RHSA-2025:10160	2025-07-01T00:00:00Z
firefox-0:128.12.0-1.el9_2	cpe:/a:redhat:rhel_e4s:9.2	RHSA-2025:10185	2025-07-02T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
thunderbird-0:128.12.0-1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:10159	2025-07-01T00:00:00Z
firefox-0:128.12.0-1.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:10188	2025-07-02T00:00:00Z

Vendor	Product	Confidence	Versions
Mozilla	Firefox	—	—
Mozilla	Firefox Esr	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply an update to Firefox 140 or the ESR equivalents 115.25 or 128.12, and to Thunderbird 140 or 128.12.
If updating is temporarily infeasible, run the affected browsers in a restricted sandbox to limit the impact of a potential crash.
Continuously monitor crash logs and system stability reports for evidence of unexpected termination that may indicate exploitation attempts.

Generated by OpenCVE AI on April 20, 2026 at 20:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4231-1	firefox-esr security update
Debian DLA	DLA-4239-1	thunderbird security update
Debian DSA	DSA-5950-1	firefox-esr security update
Debian DSA	DSA-5959-1	thunderbird security update
EUVD	EUVD-2025-19086	A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
Ubuntu USN	USN-7663-1	Thunderbird vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01103.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://bugzilla.mozilla.org/show_bug.cgi?id=1966423
https://lists.debian.org/debian-lts-announce/2025/06/msg00029.html
https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html
https://nvd.nist.gov/vuln/detail/CVE-2025-6424
https://www.cve.org/CVERecord?id=CVE-2025-6424
https://www.mozilla.org/security/advisories/mfsa2025-51/
https://www.mozilla.org/security/advisories/mfsa2025-52/
https://www.mozilla.org/security/advisories/mfsa2025-53/
https://www.mozilla.org/security/advisories/mfsa2025-53/#CVE-2025-6424
https://www.mozilla.org/security/advisories/mfsa2025-54/
https://www.mozilla.org/security/advisories/mfsa2025-55/

History

Mon, 13 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description	A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.	A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.

Mon, 03 Nov 2025 20:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/06/msg00029.html https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html

Thu, 30 Oct 2025 16:00:00 +0000

Type	Values Removed	Values Added
Title	firefox: thunderbird: Use-after-free in FontFaceSet	Use-after-free in FontFaceSet

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00076}`	epss `{'score': 0.00092}`

Fri, 04 Jul 2025 02:30:00 +0000

Type	Values Removed	Values Added
Title	firefox: Use-after-free in FontFaceSet	firefox: thunderbird: Use-after-free in FontFaceSet

Wed, 02 Jul 2025 20:45:00 +0000

Type	Values Removed	Values Added
Description	A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.	A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.
References		https://www.mozilla.org/security/advisories/mfsa2025-54/ https://www.mozilla.org/security/advisories/mfsa2025-55/

Wed, 02 Jul 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mozilla Mozilla firefox
CPEs		cpe:2.3:a:mozilla:firefox:::::-:::* cpe:2.3:a:mozilla:firefox:::::esr:::*
Vendors & Products		Mozilla Mozilla firefox

Wed, 02 Jul 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel E4s Redhat rhel Els Redhat rhel Eus Redhat rhel Tus
CPEs		cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:8.8 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_e4s:9.2 cpe:/a:redhat:rhel_eus:9.4 cpe:/a:redhat:rhel_tus:8.6 cpe:/a:redhat:rhel_tus:8.8 cpe:/o:redhat:enterprise_linux:10.0 cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Aus Redhat rhel E4s Redhat rhel Els Redhat rhel Eus Redhat rhel Tus

Wed, 02 Jul 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8
Vendors & Products		Redhat Redhat enterprise Linux

Thu, 26 Jun 2025 02:45:00 +0000

Type	Values Removed	Values Added
References		https://www.mozilla.org/security/advisories/mfsa2025-53/#CVE-2025-6424

Wed, 25 Jun 2025 13:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416
Metrics	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Wed, 25 Jun 2025 00:30:00 +0000

Type	Values Removed	Values Added
Title		firefox: Use-after-free in FontFaceSet
References		https://nvd.nist.gov/vuln/detail/CVE-2025-6424 https://www.cve.org/CVERecord?id=CVE-2025-6424
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}` threat_severity `Important`

Tue, 24 Jun 2025 12:45:00 +0000

Type	Values Removed	Values Added
Description		A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.
References		https://bugzilla.mozilla.org/show_bug.cgi?id=1966423 https://www.mozilla.org/security/advisories/mfsa2025-51/ https://www.mozilla.org/security/advisories/mfsa2025-52/ https://www.mozilla.org/security/advisories/mfsa2025-53/

Subscriptions

Mozilla Firefox Firefox Esr

Redhat Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2025-06-24T12:27:59.669Z

Updated: 2026-04-13T14:26:04.861Z

Reserved: 2025-06-20T14:51:26.620Z

Link: CVE-2025-6424

Vulnrichment

Updated: 2025-11-03T20:06:57.283Z

NVD

Status : Modified

Published: 2025-06-24T13:15:23.273

Modified: 2026-04-13T15:17:06.127

Link: CVE-2025-6424

Redhat

Severity : Important

Publid Date: 2025-06-24T12:27:59Z

Links: CVE-2025-6424 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-20T20:30:16Z

Weaknesses

CWE-416

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object