Mozilla Firefox and Thunderbird Use-After-Free Vulnerability Due to Concurrent Delazification

Vulnerability

A use-after-free vulnerability has been identified in Mozilla Firefox and Thunderbird. This issue arises from a race condition during concurrent delazification, which could potentially be exploited. The vulnerability affects multiple versions of Firefox and Thunderbird, including Firefox prior to 135, Firefox ESR versions prior to 115.20 and 128.7, as well as Thunderbird versions prior to 128.7 and 135.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, commonly associated with memory corruption issues that can be exploited to execute arbitrary code.

Remediation

Users can upgrade to Firefox 135, Firefox ESR 115.20 or 128.7, or Thunderbird 128.7 or 135 to address this vulnerability.
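The fixed versions above differ per branch, so a single "version below 135" comparison misclassifies patched ESR builds. The following check is an added example, not part of the original advisory or any Mozilla tooling; it assumes a build belongs to the ESR branch whose major version it shares, and the `host,product,version` inventory format and sample hosts are constructed.

```python
import re

# Fixed versions taken from the advisory's Remediation section, keyed by
# product and then by the major version of each patched branch.
# Assumption: a build belongs to the ESR branch whose major number it shares;
# any other major is compared against the release-channel fix (135).
FIXED = {
    "firefox":     {115: (115, 20), 128: (128, 7), "release": (135, 0)},
    "thunderbird": {128: (128, 7), "release": (135, 0)},
}

def parse_version(text):
    """Return (major, minor) from strings like '128.6.0esr', or None."""
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.\d+)*(?:esr)?", text.strip().lower())
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None

def status(product, version):
    """Classify one installation as 'fixed', 'vulnerable' or 'unknown'."""
    branches = FIXED.get(product.strip().lower())
    parsed = parse_version(version)
    if branches is None or parsed is None:
        return "unknown"  # unlisted product or unparseable version: review by hand
    fixed_at = branches.get(parsed[0], branches["release"])
    return "fixed" if parsed >= fixed_at else "vulnerable"

def audit(inventory_csv):
    """Map 'host,product,version' lines to {host: status}."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        host, product, version = (field.strip() for field in line.split(","))
        results[host] = status(product, version)
    return results

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """
ws-01,firefox,134.0.2
ws-02,firefox,128.7.0esr
ws-03,firefox,128.6.0esr
ws-04,firefox,115.20.0esr
ws-05,thunderbird,128.6.1esr
ws-06,thunderbird,135.0
ws-07,firefox,nightly
"""

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```

Hosts reported as `unknown` carry a version string the parser could not read and need manual review rather than being treated as patched.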

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.