CVE-2025-5269

Published May 27, 2025

Last updated a month ago

CVSS medium 6.5

Overview

Description: Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.11 and Thunderbird < 128.11.
Source: security@mozilla.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-787

Hype score: Not currently trending

CVE-2025-5269 Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could… https://t.co/kXAW5o98UN
@CVEnew
27 May 2025
327 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BA097AB-46D1-4C4E-9856-9109237940C3",
            "versionEndExcluding": "128.11.0"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1495D4C0-92D7-4384-8730-B59560AD0BEE",
            "versionEndExcluding": "128.11.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References