Mozilla Firefox and Thunderbird Memory Corruption Vulnerability in GMP Component Allowing Sandbox Escape

Vulnerability

A memory corruption vulnerability has been identified in the GMP (Gecko Media Plugin) process of Firefox and Thunderbird. This process, which handles encrypted media, is heavily sandboxed but runs with slightly different privileges from the content process. The vulnerability affects Firefox and Thunderbird versions prior to 142, as well as several Firefox ESR and Thunderbird ESR versions. The memory corruption could potentially be exploited to escape the sandbox and execute arbitrary code.

Impact

Exploitation of this vulnerability leads to memory corruption, with evidence suggesting that it could be leveraged to run arbitrary code.

Remediation

Users should upgrade to Firefox 142 or Thunderbird 142. Firefox ESR users should upgrade to version 115.27, 128.14 or 140.2, depending on the ESR branch they are on. Thunderbird ESR users should upgrade to 128.14 or 140.2.
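For inventory and patch-verification work, the fixed versions above translate into a simple branch-aware comparison: a rapid-release build is patched at 142 or later, while each ESR branch has its own fix line. The following Python helper is an added example, not code from the advisory or from Mozilla. It assumes the version string comes from output such as `firefox --version` (e.g. "Mozilla Firefox 128.13.0esr"), that the "esr" suffix identifies an ESR build, and that an ESR branch not listed in the advisory (such as an end-of-life one) cannot be classified from this page and is reported for manual review.

```python
import re
from typing import Optional, Tuple

# Fixed versions taken from the advisory text (rapid release and ESR branches).
FIXED_RELEASE = (142,)
FIXED_ESR = {115: (115, 27), 128: (128, 14), 140: (140, 2)}

# Matches a dotted numeric version with an optional "esr" suffix.
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(esr)?", re.IGNORECASE)


def parse_version(text: str) -> Optional[Tuple[Tuple[int, ...], bool]]:
    """Extract (numeric_tuple, is_esr) from a string such as
    'Mozilla Firefox 128.13.0esr'. Returns None if no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    nums = tuple(int(part) for part in m.group(1).split("."))
    return nums, bool(m.group(2))


def assess(text: str) -> str:
    """Classify a version string as 'patched', 'vulnerable' or 'unknown'.

    Python compares tuples element-wise, so (128, 13, 0) < (128, 14) and
    (128, 14, 0) >= (128, 14), which is exactly the ordering we need."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    nums, esr = parsed
    if esr:
        fixed = FIXED_ESR.get(nums[0])
        if fixed is None:
            # Assumption: an ESR branch the advisory does not list has no fix
            # documented here, so flag it rather than guess.
            return "unknown"
        return "patched" if nums >= fixed else "vulnerable"
    return "patched" if nums >= FIXED_RELEASE else "vulnerable"


if __name__ == "__main__":
    # Constructed sample outputs, in the format `firefox --version` prints.
    samples = [
        "Mozilla Firefox 141.0.3",
        "Mozilla Firefox 142.0",
        "Mozilla Firefox 128.13.0esr",
        "Mozilla Firefox 128.14.0esr",
        "Mozilla Thunderbird 140.2.0esr",
        "Mozilla Firefox 102.15.0esr",
    ]
    for line in samples:
        print(f"{line:35} -> {assess(line)}")
```

Feed it the `--version` output collected by your endpoint inventory tool; anything reported as "vulnerable" is below the fixed version for its branch, and "unknown" entries need a human look because the advisory gives no fix for that branch.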

Added: Aug 19, 2025, 9:26 PM
Updated: Aug 19, 2025, 9:26 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.