Mozilla Firefox and Thunderbird Use-After-Free Vulnerability via AudioIPC StreamData

Vulnerability

A use-after-free vulnerability has been identified in Mozilla Firefox and Thunderbird on Windows. A compromised content process could exploit this vulnerability by sending malicious StreamData over AudioIPC, leading to a use-after-free condition in the Browser process. This issue could have allowed for a sandbox escape. The vulnerability affects Firefox versions prior to 136, Firefox ESR versions prior to 115.21 and 128.8, as well as Thunderbird versions prior to 136 and 128.8.

Impact

Exploitation of this vulnerability could have led to a sandbox escape, allowing a compromised content process to execute code in the Browser process outside of its usual restrictions.

Remediation

Users can upgrade to Firefox 136, Firefox ESR 115.21 or 128.8, or Thunderbird 136 or 128.8 to address this vulnerability.
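To triage an inventory against these fixed versions, the following is an added example, not code from Mozilla or from this advisory's publisher. The record layout, the channel labels ("release", "esr") and the host names are assumptions, and the sample inventory is constructed.

```python
import re

# Fixed versions are the ones named in the advisory. The channel labels and
# the (host, product, channel, version, os) record layout are assumptions.
FIXED_RELEASE = (136, 0, 0)
FIXED_ESR = {
    "firefox": {115: (115, 21, 0), 128: (128, 8, 0)},
    "thunderbird": {128: (128, 8, 0)},
}

def parse_version(text):
    # Accept '128.7', '128.7.0' or '128.7.0esr'. Anything else (betas, nightlies,
    # empty strings) raises, so the host is reviewed by hand, not marked patched.
    m = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:esr)?", text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(product, channel, version, os_name):
    """Return True if the install predates the fixed version for its branch."""
    product, channel = product.lower(), channel.lower()
    if product not in FIXED_ESR or channel not in ("release", "esr"):
        raise ValueError(f"unknown product/channel: {product}/{channel}")
    if os_name.lower() != "windows":
        return False  # the advisory describes the issue on Windows
    ver = parse_version(version)
    if channel == "release":
        return ver < FIXED_RELEASE
    # ESR: compare with the fix for the same major branch when one exists,
    # otherwise with the newest fixed ESR, so older ESR branches that have no
    # fixed release stay flagged and newer branches are cleared.
    branches = FIXED_ESR[product]
    return ver < branches.get(ver[0], max(branches.values()))

# Constructed sample inventory (not real hosts).
INVENTORY = [
    ("ws-01", "firefox", "release", "135.0.1", "windows"),
    ("ws-02", "firefox", "esr", "115.21.0esr", "windows"),
    ("ws-03", "firefox", "esr", "128.7.0esr", "windows"),
    ("ws-04", "thunderbird", "esr", "128.8.0esr", "windows"),
    ("ws-05", "thunderbird", "release", "135.0", "windows"),
    ("lx-01", "firefox", "release", "134.0", "linux"),
]

def affected_hosts(inventory):
    return [host for host, *install in inventory if is_affected(*install)]
```
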

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 7.5
exploitability: 4.7
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.