First published: Tue Mar 04 2025
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Firefox | <136 | 136 |
Firefox ESR | <128.8 | 128.8 |
Thunderbird | <128.8 | 128.8 |
Thunderbird | <136 | 136 |
CVE-2025-1938 has a high severity rating due to the potential for memory corruption that could allow arbitrary code execution.
To fix CVE-2025-1938, update Mozilla Firefox to version 136, Firefox ESR to version 128.8, or Thunderbird to version 136 or 128.8.
CVE-2025-1938 affects Firefox versions up to 135, Thunderbird versions up to 135, and Firefox ESR versions up to 128.7.
There is a possibility that CVE-2025-1938 could be exploited to run arbitrary code if attackers leverage the memory safety bugs.
If you cannot update, consider using alternative browsers until a fix is applied or apply additional security measures to reduce risk.