CVE-2025-1938
First published: Tue Mar 04 2025(Updated: )
Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <136 | |
| Firefox ESR | <128.8 | |
| Thunderbird | ||
| Firefox | <136 | 136 |
| Firefox ESR | <128.8 | 128.8 |
| Thunderbird | <128.8 | 128.8 |
| Thunderbird | <136 | 136 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1922889%2C1935004%2C1943586%2C1943912%2C1948111
- https://www.mozilla.org/security/advisories/mfsa2025-14/
- https://www.mozilla.org/security/advisories/mfsa2025-16/
- https://www.mozilla.org/security/advisories/mfsa2025-17/
- https://www.mozilla.org/security/advisories/mfsa2025-18/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-17/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-18/
- https://access.redhat.com/errata/RHSA-2025:2359
- https://access.redhat.com/errata/RHSA-2025:2452
- https://access.redhat.com/errata/RHSA-2025:2481
- https://access.redhat.com/errata/RHSA-2025:2480
- https://access.redhat.com/errata/RHSA-2025:2479
- https://access.redhat.com/errata/RHSA-2025:2485
- https://access.redhat.com/errata/RHSA-2025:2484
- https://access.redhat.com/errata/RHSA-2025:2486
- https://access.redhat.com/errata/RHSA-2025:2699
- https://access.redhat.com/errata/RHSA-2025:2708
- https://access.redhat.com/errata/RHSA-2025:2899
- https://access.redhat.com/errata/RHSA-2025:2900
- https://access.redhat.com/errata/RHSA-2025:2957
- https://access.redhat.com/errata/RHSA-2025:2960
- https://access.redhat.com/errata/RHSA-2025:2958
- https://access.redhat.com/errata/RHSA-2025:2959
- https://access.redhat.com/errata/RHSA-2025:3009
- https://access.redhat.com/errata/RHSA-2025:3013
- https://access.redhat.com/errata/RHSA-2025:3036
- https://bugzilla.redhat.com/show_bug.cgi?id=2349793
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2025-1938?
CVE-2025-1938 has a high severity rating due to the potential for memory corruption that could allow arbitrary code execution.
How do I fix CVE-2025-1938?
To fix CVE-2025-1938, update Mozilla Firefox to version 136 or Thunderbird to the latest version available.
What software is affected by CVE-2025-1938?
CVE-2025-1938 affects Firefox versions up to 135, Thunderbird versions up to 135, and Firefox ESR versions up to 128.7.
Can CVE-2025-1938 be exploited?
There is a possibility that CVE-2025-1938 could be exploited to run arbitrary code if attackers leverage the memory safety bugs.
What should I do if I cannot update to a new version for CVE-2025-1938?
If you cannot update, consider using alternative browsers until a fix is applied or apply additional security measures to reduce risk.
- agent/type
- agent/author
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- collector/nvd-api
- source/NVD
- agent/softwarecombine
- agent/last-modified-date
- agent/source
- agent/references
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/description
- agent/trending
- agent/tags
- collector/mozilla-advisory
- source/Mozilla
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2025-1938
- vendor/mozilla
- canonical/firefox
- canonical/firefox esr
- canonical/thunderbird