Mozilla Firefox and Thunderbird Memory Safety Vulnerability Allowing Potential Arbitrary Code Execution

Vulnerability

A vulnerability has been identified in Mozilla Firefox and Thunderbird applications, specifically in several extended support release (ESR) versions. This vulnerability arises from memory safety issues that could lead to memory corruption. With sufficient effort, these issues might be exploited to execute arbitrary code. The vulnerability affects multiple versions across different release channels, including Firefox ESR 115.26, 128.13, 140.1, as well as Firefox 141. Thunderbird shares the same vulnerable versions, except for the 115.x branch.

Impact

Exploitation of this vulnerability could result in memory corruption, with the potential to execute arbitrary code.

Remediation

Users can upgrade to Firefox 142, Thunderbird 142, Firefox ESR 115.27, Firefox ESR 128.14, or Firefox ESR 140.2. Instructions for updating can be found in the Firefox Release Notes and the Thunderbird Release Notes.
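
The following Python check is an added example, not part of the original advisory: it compares inventoried versions against the fixed versions named in the Remediation paragraph. The inventory rows, the function names, and the rule that builds below 142 outside the listed Firefox ESR branches are pointed at the 142 release are assumptions.

```python
import re

# Fixed versions copied from the Remediation paragraph above.
FIREFOX_ESR_FIXED = {115: (115, 27), 128: (128, 14), 140: (140, 2)}
RELEASE_FIXED = (142, 0)  # Firefox 142 and Thunderbird 142

def parse_version(text):
    """Return (major, minor) from strings such as '128.13.0esr' or '141.0.3'."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)

def classify(product, version):
    """Return (status, target); status is 'fixed', 'update' or 'unlisted'."""
    product = product.strip().lower()
    if product not in ("firefox", "thunderbird"):
        raise ValueError(f"unknown product: {product!r}")
    ver = parse_version(version)
    if ver >= RELEASE_FIXED:
        return "fixed", None
    major = ver[0]
    if product == "firefox" and major in FIREFOX_ESR_FIXED:
        # Assumption: a Firefox build on an ESR major is tracked on that ESR branch.
        fixed = FIREFOX_ESR_FIXED[major]
        if ver >= fixed:
            return "fixed", None
        return "update", f"Firefox ESR {fixed[0]}.{fixed[1]}"
    if product == "thunderbird" and major == 115:
        # The advisory excludes the Thunderbird 115.x branch from the affected list.
        return "unlisted", None
    # Assumption: anything else below 142 goes to the release fix named in the advisory.
    return "update", f"{product.capitalize()} 142"

# Constructed sample inventory: (host, product, reported version).
INVENTORY = [
    ("ws-01", "firefox", "128.13.0esr"),
    ("ws-02", "firefox", "141.0.3"),
    ("ws-03", "thunderbird", "140.1.0esr"),
    ("ws-04", "thunderbird", "115.18.0"),
]

def triage(inventory):
    return [(host, prod, ver) + classify(prod, ver) for host, prod, ver in inventory]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(*row)
```

The advisory names only Thunderbird 142 as a fixed Thunderbird version, so Thunderbird builds on other branches are reported against that target; confirm branch-specific fixes in the Thunderbird Release Notes.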

Added: Aug 19, 2025, 9:19 PM
Updated: Aug 19, 2025, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 4.4
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.