What is the severity of CVE-2025-1934?

CVE-2025-1934 is considered a medium severity vulnerability due to its potential to interrupt RegExp processing and execute unintended JavaScript.

How do I fix CVE-2025-1934?

To fix CVE-2025-1934, update your Mozilla Firefox to version 136 or Mozilla Firefox ESR to version 128.8 or later.

Which versions of Firefox are affected by CVE-2025-1934?

CVE-2025-1934 affects Mozilla Firefox versions prior to 136 and Firefox ESR versions prior to 128.8.

Can CVE-2025-1934 allow arbitrary code execution?

Yes, CVE-2025-1934 can allow the execution of additional JavaScript, which may lead to arbitrary code execution under certain conditions.

What type of attack is CVE-2025-1934 associated with?

CVE-2025-1934 is associated with a potential code execution attack through RegExp bailouts in specific versions of Mozilla Firefox.

Vulnerability/
CVE-2025-1934

medium

6.5

CWE

185

4/3/2025

25/3/2025

CVE-2025-1934

First published: Tue Mar 04 2025(Updated: )

It was possible to interrupt the processing of a RegExp bailout and run additional JavaScript, potentially triggering garbage collection when the engine was not expecting it.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Firefox	<136
Firefox ESR	<128.8
Thunderbird	<128.8	128.8
Firefox	<136	136
Firefox ESR	<128.8	128.8
Thunderbird	<136	136
debian/firefox		136.0.1-1
debian/firefox-esr	<=115.14.0esr-1~deb11u1<=128.5.0esr-1~deb12u1	128.8.0esr-1~deb11u1 128.8.0esr-1~deb12u1 128.8.0esr-1
debian/thunderbird	<=1:115.12.0-1~deb11u1<=1:128.5.0esr-1~deb12u1	1:128.8.0esr-1~deb11u1 1:128.8.0esr-1~deb12u1 1:128.8.0esr-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2025-1934?
CVE-2025-1934 is considered a medium severity vulnerability due to its potential to interrupt RegExp processing and execute unintended JavaScript.
How do I fix CVE-2025-1934?
To fix CVE-2025-1934, update your Mozilla Firefox to version 136 or Mozilla Firefox ESR to version 128.8 or later.
Which versions of Firefox are affected by CVE-2025-1934?
CVE-2025-1934 affects Mozilla Firefox versions prior to 136 and Firefox ESR versions prior to 128.8.
Can CVE-2025-1934 allow arbitrary code execution?
Yes, CVE-2025-1934 can allow the execution of additional JavaScript, which may lead to arbitrary code execution under certain conditions.
What type of attack is CVE-2025-1934 associated with?
CVE-2025-1934 is associated with a potential code execution attack through RegExp bailouts in specific versions of Mozilla Firefox.

agent/type
agent/author
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/weakness
collector/usn-cve
source/Ubuntu
agent/description
agent/source
collector/mozilla-advisory
source/Mozilla
agent/references
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/last-modified-date
collector/nvd-cve
agent/severity
collector/security-tracker-debian
source/Debian
agent/softwarecombine
agent/tags
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2025-1934
vendor/mozilla
canonical/firefox
canonical/firefox esr
canonical/thunderbird
package-manager/debian