CVE-2025-9181

Description

Uninitialized memory in the JavaScript Engine component. This vulnerability was fixed in Firefox 142, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

References

https://www.mozilla.org/security/advisories/mfsa2025-72/

https://www.mozilla.org/security/advisories/mfsa2025-71/

https://www.mozilla.org/security/advisories/mfsa2025-70/

https://www.mozilla.org/security/advisories/mfsa2025-67/

https://www.mozilla.org/security/advisories/mfsa2025-66/

https://www.mozilla.org/security/advisories/mfsa2025-64/

https://lists.debian.org/debian-lts-announce/2025/08/msg00018.html

https://lists.debian.org/debian-lts-announce/2025/08/msg00016.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1977130

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3

EPSS