Vulnerability CVE-2025-1937: Information

Description

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

URL: https://nvd.nist.gov/vuln/detail/CVE-2025-1937
Published: March 4, 2025
Modified: March 13, 2025

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus136.0-alt1136.0.2-alt1ALT-PU-2025-4104-2376916Fixed
firefoxsisyphus_loongarch64136.0.1-alt0.port136.0.1-alt0.portALT-PU-2025-4467-1-Fixed
firefoxp11136.0.2-alt1135.0.1-alt1ALT-PU-2025-4567-1378599Testing
firefox-esrsisyphus128.8.0-alt1128.8.0-alt1ALT-PU-2025-3846-2376894Fixed
firefox-esrp11128.8.0-alt1128.8.0-alt1ALT-PU-2025-3905-3377017Fixed
thunderbirdsisyphus128.8.0-alt1136.0-alt1ALT-PU-2025-3967-2377184Fixed
thunderbirdsisyphus_riscv64128.8.0-alt1136.0-alt1ALT-PU-2025-4019-1-Fixed
thunderbirdsisyphus_loongarch64136.0-alt1136.0-alt1ALT-PU-2025-4395-1-Fixed
thunderbirdp11128.8.0-alt1128.8.0-alt1ALT-PU-2025-4001-3377410Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://www.openwall.com/lists/oss-security/2025/03/10/6
    Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
      https://www.mozilla.org/security/advisories/mfsa2025-14/
        https://www.mozilla.org/security/advisories/mfsa2025-15/
          https://www.mozilla.org/security/advisories/mfsa2025-16/
            https://www.mozilla.org/security/advisories/mfsa2025-17/
              https://www.mozilla.org/security/advisories/mfsa2025-18/
                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                Version: v25.2.1
                Back to top