CVE-2025-8033
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-22

Last updated on: 2026-04-13

Assigner: Mozilla Corporation

Description
The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-22
Last Modified
2026-04-13
Generated
2026-05-07
AI Q&A
2025-07-22
EPSS Evaluated
2026-05-05
NVD
CVE-2025-8033
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
mozilla firefox From 60.9.0 (exc)
mozilla thunderbird to 140.0 (inc)
mozilla thunderbird to 140.0 (inc)
mozilla thunderbird to 140.0 (inc)
mozilla firefox From 60.9.0 (exc)
mozilla firefox From 60.9.0 (exc)
mozilla firefox From 60.9.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the JavaScript engine incorrectly handling closed generators, allowing them to be resumed. This improper handling can lead to a nullptr dereference, which is a type of error where the program attempts to access memory through a null pointer, potentially causing crashes or unexpected behavior.


How can this vulnerability impact me? :

The vulnerability can cause the affected applications (Firefox and Thunderbird versions listed) to crash or behave unexpectedly due to the nullptr dereference. This could potentially be exploited to disrupt normal operation or cause denial of service.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart