6.5

CVE-2025-9181

Uninitialized memory in the JavaScript Engine component

Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox SwEditionesr Version < 128.14.0
MozillaFirefox SwEdition- Version < 142.0
MozillaFirefox SwEditionesr Version >= 140.0 < 140.2.0
MozillaThunderbird SwEditionesr Version < 128.14.0
MozillaThunderbird SwEdition- Version < 142.0
MozillaThunderbird SwEditionesr Version >= 140.0 < 140.2.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.292
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-457 Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

https://bugzilla.mozilla.org/show_bug.cgi?id=1977130
Issue Tracking
Permissions Required