CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-5269: Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with...

6.5 CVSS

Description

Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.11.

Classification

CVE ID: CVE-2025-5269

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Problem Types

Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11

Affected Products

Vendor: Mozilla

Product: Firefox ESR

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 17.79% (scored less or equal to compared to others)

EPSS Date: 2025-06-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-5269
https://bugzilla.mozilla.org/show_bug.cgi?id=1924108
https://www.mozilla.org/security/advisories/mfsa2025-44/

Timeline

2025-05-27 13:40:14 UTC
CVE

Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with...