MFSA-RESERVE-2025-4
First published: Tue Apr 29 2025(Updated: )
Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thunderbird | <138 | 138 |
| Firefox | <138 | 138 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of MFSA-RESERVE-2025-4?
The severity of MFSA-RESERVE-2025-4 is high due to the presence of memory safety bugs that could potentially allow arbitrary code execution.
How do I fix MFSA-RESERVE-2025-4?
To fix MFSA-RESERVE-2025-4, update to the latest version 138 of either Firefox or Thunderbird.
Which versions are affected by MFSA-RESERVE-2025-4?
MFSA-RESERVE-2025-4 affects all versions of Firefox and Thunderbird up to but not including version 138.
Is there any exploit available for MFSA-RESERVE-2025-4?
While there is evidence of memory corruption, we presume that exploiting MFSA-RESERVE-2025-4 would require significant effort and may not have a public exploit.
What products are impacted by MFSA-RESERVE-2025-4?
The products impacted by MFSA-RESERVE-2025-4 are Mozilla Firefox and Mozilla Thunderbird.
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/references
- agent/source
- agent/tags
- agent/severity
- agent/description
- agent/first-publish-date
- agent/type
- agent/softwarecombine
- agent/event
- vendor/mozilla
- canonical/thunderbird
- canonical/firefox