QwikSec

Security Database

CVE

CWE

Training

CVE-2025-0238

Published: Jan 7, 2025

Modified: Apr 13, 2026

PUBLISHED

Description

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6.

Vendor	Product	Versions
Mozilla	Firefox	unaffected `115.19 - <= 115.` unaffected `128.6 - <= 128.` unaffected `134 - <= *`
Mozilla	Thunderbird	unaffected `128.6 - <= 128.` unaffected `134 - <= `

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1915535

https://www.mozilla.org/security/advisories/mfsa2025-01/

https://www.mozilla.org/security/advisories/mfsa2025-02/

https://www.mozilla.org/security/advisories/mfsa2025-03/

https://www.mozilla.org/security/advisories/mfsa2025-04/

https://www.mozilla.org/security/advisories/mfsa2025-05/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.