7.7
CVE-2025-0241
- EPSS 0.71%
- Veröffentlicht 07.01.2025 16:15:38
- Zuletzt bearbeitet 13.04.2026 15:16:32
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
Memory corruption when using JavaScript Text Segmentation
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version < 128.6.0
Mozilla ≫ Thunderbird Version >= 129.0 < 134.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.71% | 0.491 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.7 | 2.2 | 5.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://www.mozilla.org/security/advisories/mfsa2025-01/
https://www.mozilla.org/security/advisories/mfsa2025-02/
https://www.mozilla.org/security/advisories/mfsa2025-04/
https://www.mozilla.org/security/advisories/mfsa2025-05/
https://bugzilla.mozilla.org/show_bug.cgi?id=1933023
https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html