CVE-2025-10537

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*

History

20 Sep 2025, 02:58

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067 - () https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067 - Issue Tracking
References () https://www.mozilla.org/security/advisories/mfsa2025-73/ - () https://www.mozilla.org/security/advisories/mfsa2025-73/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2025-75/ - () https://www.mozilla.org/security/advisories/mfsa2025-75/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2025-77/ - () https://www.mozilla.org/security/advisories/mfsa2025-77/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2025-78/ - () https://www.mozilla.org/security/advisories/mfsa2025-78/ - Vendor Advisory
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
First Time Mozilla
Mozilla thunderbird
Mozilla firefox

16 Sep 2025, 19:15

Type Values Removed Values Added
CWE CWE-119
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

16 Sep 2025, 15:15

Type Values Removed Values Added
Summary (en) Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143 and Firefox ESR < 140.3. (en) Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 143, Firefox ESR < 140.3, Thunderbird < 143, and Thunderbird < 140.3.
References
  • () https://www.mozilla.org/security/advisories/mfsa2025-77/ -
  • () https://www.mozilla.org/security/advisories/mfsa2025-78/ -

16 Sep 2025, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-09-16 13:15

Updated : 2025-09-20 02:58


NVD link : CVE-2025-10537

Mitre link : CVE-2025-10537

CVE.ORG link : CVE-2025-10537


JSON object : View

Products Affected

mozilla

  • thunderbird
  • firefox
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer