CVE-2025-0241
Published: 07 January 2025
Description
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.
Security Summary
CVE-2025-0241 is a memory corruption vulnerability triggered during the segmentation of specially crafted text in Mozilla products. The flaw causes memory corruption that can lead to a potentially exploitable crash. It affects Firefox versions prior to 134, Firefox ESR versions prior to 128.6, Thunderbird versions prior to 134, and Thunderbird ESR versions prior to 128.6.
The vulnerability carries a CVSS v3.1 base score of 7.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L). Remote attackers with no required privileges or user interaction can exploit it over the network, though it demands high attack complexity. Successful exploitation enables high-impact confidentiality and integrity violations, such as unauthorized data access or modification, alongside low-impact availability disruption through a crash.
Mozilla advisories MFSA 2025-01, MFSA 2025-02, MFSA 2025-04, and MFSA 2025-05, along with Bugzilla entry 1933023, confirm the issue was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6. Users should update to these patched versions for mitigation.
Details
- CWE(s)