CVE-2025-9181
BaseFortify
Publication date: 2025-08-19
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | From 60.9.0 (exc) |
| mozilla | thunderbird | to 140.0 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-457 | The code uses a variable that has not been initialized, leading to unpredictable or unintended results. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves uninitialized memory in the JavaScript Engine component of Firefox and Thunderbird. It affects versions of Firefox below 142 and certain ESR versions, as well as Thunderbird versions below 142 and certain ESR versions. Uninitialized memory vulnerabilities can potentially lead to unpredictable behavior or security issues because the software may access memory that has not been properly set or cleared.
How can this vulnerability impact me?
The impact of this vulnerability could include potential security risks such as information disclosure or application instability due to the use of uninitialized memory in the JavaScript Engine. This could be exploited by attackers to cause unexpected behavior or gain access to sensitive information when using affected versions of Firefox or Thunderbird.