CVE-2025-11721

critical

Description

Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 144 and Thunderbird 144.

References

https://www.mozilla.org/security/advisories/mfsa2025-84/

https://www.mozilla.org/security/advisories/mfsa2025-81/

https://bugzilla.mozilla.org/show_bug.cgi?id=1986816

Details

Source: Mitre, NVD

Published: 2025-10-14

Updated: 2026-04-13

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00017