8.1 CVE-2025-9185
Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.
https://nvd.nist.gov/vuln/detail/CVE-2025-9185
Categories
CWE-NVD-noinfo
CWE-119
References
af854a3a-2127-422b-91ae-364da2661108
| https://lists.debian.org/debian-lts-announce/2025/08/msg00016.html |
| https://lists.debian.org/debian-lts-announce/2025/08/msg00018.html |
security@mozilla.org
| https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970154%2C1976782%2C1977166 Broken Link |
| https://www.mozilla.org/security/advisories/mfsa2025-64/ Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2025-65/ Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2025-66/ Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2025-67/ Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2025-70/ Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2025-71/ Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2025-72/ Vendor Advisory |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | | |
| cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* | | < 115.27.0 |
| cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* | | < 142.0 |
| cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* | >= 128.0 | < 128.14.0 |
| cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* | >= 140.0 | < 140.2.0 |
| cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:* | | < 128.14.0 |
| cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* | | < 142.0 |
| cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:* | >= 140.0 | < 140.2.0 |
REMEDIATION
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | | | |
POC Github
| Url |
|---|
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | | |
