Description
Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142 and Thunderbird 142.
Published: 2025-08-19
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Potential Remote Code Execution via memory corruption
Action: Patch
AI Analysis

Impact

Memory safety bugs identified in Mozilla Firefox 141 and Thunderbird 141 can lead to memory corruption that may allow an attacker to execute arbitrary code. The high CVSS score of 9.8 reflects the severity of this vulnerability and indicates that the bugs are exploitable with enough effort.

Affected Systems

Affected products include Mozilla Firefox version 141 and Mozilla Thunderbird version 141. The vulnerabilities were fixed in Firefox 142 and Thunderbird 142.

Risk and Exploitability

The likely attack vector is user-controlled manipulation of memory within the browser or email client, potentially via malicious webpages or email content. Exploitation would require significant effort, but the low EPSS score of less than 1% indicates that current exploitation attempts are uncommon, and the vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 20, 2026 at 18:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Mozilla Firefox to version 142 or later and Mozilla Thunderbird to version 142 or later.
  • If upgrading immediately is not possible, disable execution of untrusted content such as plugins and scripts in the browser settings or by using security extensions.
  • Monitor Mozilla security advisories and install any subsequent patches as they become available.

Generated by OpenCVE AI on April 20, 2026 at 18:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-25239 Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142.
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142. Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 142 and Thunderbird 142.

Thu, 30 Oct 2025 16:30:00 +0000

Type Values Removed Values Added
Title firefox: thunderbird: Memory safety bugs fixed in Firefox 142 and Thunderbird 142 Memory safety bugs fixed in Firefox 142 and Thunderbird 142

Fri, 22 Aug 2025 00:15:00 +0000

Type Values Removed Values Added
Title firefox: thunderbird: Memory safety bugs fixed in Firefox 142 and Thunderbird 142
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 21 Aug 2025 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*

Thu, 21 Aug 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird

Wed, 20 Aug 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 19 Aug 2025 20:45:00 +0000

Type Values Removed Values Added
Description Memory safety bugs present in Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142 and Thunderbird < 142.
References

Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:29:49.002Z

Reserved: 2025-08-19T15:56:10.269Z

Link: CVE-2025-9187

cve-icon Vulnrichment

Updated: 2025-08-20T14:04:13.909Z

cve-icon NVD

Status : Modified

Published: 2025-08-19T21:15:31.303

Modified: 2026-04-13T15:17:15.060

Link: CVE-2025-9187

cve-icon Redhat

Severity : Important

Publid Date: 2025-08-19T20:33:57Z

Links: CVE-2025-9187 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T18:15:13Z

Weaknesses