Mozilla Firefox and Thunderbird RegExp Processing Vulnerability Leading to Unexpected Garbage Collection

Vulnerability

A vulnerability exists in Mozilla Firefox versions prior to 136, Firefox ESR versions prior to 128.8, Thunderbird versions prior to 136, and Thunderbird ESR versions prior to 128.8. RegExp bailout processing can be interrupted, allowing additional JavaScript to execute. That JavaScript could trigger garbage collection at unexpected times, potentially leading to memory management issues.

Impact

Exploitation of this vulnerability could disrupt normal JavaScript execution and memory management, causing unexpected behavior in the application.

Remediation

Users can upgrade to Firefox 136, Firefox ESR 128.8, or Thunderbird 136 or 128.8 ESR to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.