Vulnerability CVE-2025-1942: Information

Description

When String.toUpperCase() caused a string to get longer, it was possible for uninitialized memory to be incorporated into the result string. This vulnerability affects Firefox < 136 and Thunderbird < 136.

Published: March 4, 2025
Modified: March 12, 2025

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| firefox | sisyphus | 136.0-alt1 | 136.0.2-alt1 | ALT-PU-2025-4104-2 | 376916 | Fixed |
| firefox | sisyphus_loongarch64 | 136.0.1-alt0.port | 136.0.1-alt0.port | ALT-PU-2025-4467-1 | - | Fixed |
| firefox | p11 | 136.0.2-alt1 | 135.0.1-alt1 | ALT-PU-2025-4567-1 | 378599 | Testing |
| thunderbird | sisyphus | 136.0-alt1 | 136.0-alt1 | ALT-PU-2025-4378-2 | 378178 | Fixed |
| thunderbird | sisyphus_riscv64 | 136.0-alt1 | 136.0-alt1 | ALT-PU-2025-4408-1 | - | Fixed |
| thunderbird | sisyphus_loongarch64 | 136.0-alt1 | 136.0-alt1 | ALT-PU-2025-4395-1 | - | Fixed |

References to Advisories, Solutions, and Tools