CVE-2025-9182
BaseFortify
Publication date: 2025-08-19
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | From 60.9.0 (exc) |
| mozilla | thunderbird | to 140.0 (inc) |
| mozilla | thunderbird | to 140.0 (inc) |
| mozilla | firefox | From 60.9.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a denial-of-service issue caused by an out-of-memory condition in the Graphics: WebRender component of Firefox and Thunderbird. It affects versions of Firefox earlier than 142 and Firefox ESR earlier than 140.2, as well as Thunderbird versions earlier than 142 and 140.2. An attacker could exploit this to cause the affected application to crash or become unresponsive.
How can this vulnerability impact me? :
The vulnerability can cause the affected Firefox or Thunderbird application to crash or become unresponsive due to running out of memory in the WebRender graphics component. This denial-of-service condition can disrupt normal use of the software, potentially leading to loss of productivity or interruption of services relying on these applications.