CVE-2025-1943: Memory safety bugs fixed in Firefox 136 and Thunderbird 136

Q: What is the severity of CVE-2025-1943?

CVE-2025-1943 is considered to have high severity due to the potential for memory corruption and arbitrary code execution.

Q: How do I fix CVE-2025-1943?

To fix CVE-2025-1943, users should update to Mozilla Firefox version 136 or higher.

Q: Which software is affected by CVE-2025-1943?

CVE-2025-1943 affects Mozilla Firefox versions up to 135 and Mozilla Thunderbird.

Q: Can CVE-2025-1943 lead to data breaches?

Yes, if exploited, CVE-2025-1943 could potentially lead to data breaches through arbitrary code execution.

Q: Is CVE-2025-1943 being actively exploited?

As of the current information available, there is no confirmation that CVE-2025-1943 is actively being exploited in the wild.

Published Mar 4, 2025

Updated

Memory safety bugs present in Firefox 135 and Thunderbird 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

Affected Software

6 affected componentsFixes available

Mozilla Firefox<136

Mozilla Thunderbird

Mozilla Firefox<136

136

Mozilla Thunderbird<136

136

Mozilla Firefox<136.0

Mozilla Thunderbird<136.0

Event History

Mar 4, 2025

CVE Published

via Mozilla·12:00 AM

CVE Published

via MITRE·01:31 PM

Data Sourced

via MITRE·01:31 PM

Description

Data Sourced

via NVD·02:15 PM

DescriptionSeverityWeaknessAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2025-1943?

CVE-2025-1943 is considered to have high severity due to the potential for memory corruption and arbitrary code execution.

How do I fix CVE-2025-1943?

To fix CVE-2025-1943, users should update to Mozilla Firefox version 136 or higher.

Which software is affected by CVE-2025-1943?