CVE-2025-1942: Disclosure of uninitialized memory when .toUpperCase() causes string to get longer
Published Mar 4, 2025
Last updated 6 March 2025
When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string
— Mozilla
Affected Software
6 affected components · Fixes available
Mozilla Firefox<136
Mozilla Firefox<136
136
Mozilla Thunderbird<136
136
debian/firefox
136.0.1-1
Mozilla Firefox<136.0
Mozilla Thunderbird<136.0
Event History
Mar 4, 2025
CVE Published via Mozilla · 12:00 AM
CVE Published via MITRE · 01:31 PM
Data Sourced via MITRE · 01:31 PM: Description
Data Sourced via NVD · 02:15 PM: Description
Data Sourced via NVD · 02:15 PM: Severity, Weakness, Affected Software
Mar 10, 2025
Data Sourced via Ubuntu · 04:52 PM: Remedy, Description, Severity, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-1942?
The severity of CVE-2025-1942 is rated as high due to potential exposure of sensitive information from uninitialized memory.
2. How do I fix CVE-2025-1942?
To fix CVE-2025-1942, update Mozilla Firefox to version 136 or higher.
3. What are the implications of CVE-2025-1942?
The implications of CVE-2025-1942 include potential exposure of sensitive data and security risks associated with uninitialized memory.
4. What versions of Firefox are affected by CVE-2025-1942?
CVE-2025-1942 affects versions of Mozilla Firefox up to and including 136.
5. Can CVE-2025-1942 lead to code execution?
CVE-2025-1942 does not directly lead to code execution but may expose sensitive information that could be exploited.