CVE-2025-11711
BaseFortify
Publication date: 2025-10-14
Last updated on: 2026-04-13
Assigner: Mozilla Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mozilla | firefox | From 60.9.0 (exc) |
| mozilla | thunderbird | to 140.0 (inc) |
| mozilla | thunderbird | to 140.0 (inc) |
| mozilla | firefox | From 60.9.0 (exc) |
| mozilla | firefox | From 60.9.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-591 | The product stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
By allowing modification of supposedly non-writeable JavaScript Object properties, this vulnerability could lead to unexpected behavior or security issues in affected applications, potentially enabling attackers to manipulate application logic or data in unintended ways.
Can you explain this vulnerability to me?
This vulnerability allows changing the value of JavaScript Object properties that were supposed to be non-writeable. Essentially, it breaks the intended immutability of certain object properties in Firefox and Thunderbird versions before the specified fixed releases.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Firefox to version 144 or later, Firefox ESR to version 115.29 or later, or Thunderbird to version 144 or later. Applying these updates will fix the issue related to changing non-writeable JavaScript Object properties.