Mozilla Firefox and Thunderbird Uninitialized Memory Disclosure Vulnerability via String Manipulation

Vulnerability

A vulnerability exists in Mozilla Firefox versions prior to 136 and Thunderbird versions prior to 136, where the String.toUpperCase() method could unintentionally incorporate uninitialized memory into the result. The issue arises when the uppercased result is longer than the input string, potentially leading to the disclosure of sensitive information.

Impact

Exploitation of this vulnerability could result in the unintentional disclosure of uninitialized memory, which may contain sensitive information.

Remediation

Users can upgrade to Firefox 136 or Thunderbird 136 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.