CVE-2025-11721

critical

Description

Memory safety bug present in Firefox 143 and Thunderbird 143. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 144 and Thunderbird < 144.

References

https://www.mozilla.org/security/advisories/mfsa2025-84/

https://www.mozilla.org/security/advisories/mfsa2025-81/

https://bugzilla.mozilla.org/show_bug.cgi?id=1986816

Details

Source: Mitre, NVD

Published: 2025-10-14

Updated: 2025-10-15

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00017