Login Sign Up

CVE-2025-0241

7.7 HIGH
Denial of Service

📋 TL;DR

A memory corruption vulnerability in text segmentation components of Mozilla products could allow attackers to cause crashes or potentially execute arbitrary code. This affects Firefox, Firefox ESR, and Thunderbird users running outdated versions. Attackers could exploit this by tricking users into viewing specially crafted text content.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
Versions: Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, Thunderbird < 128.6
Operating Systems: Windows, macOS, Linux, Android
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

Firefox by Mozilla

View all CVEs affecting Firefox →

Firefox by Mozilla

View all CVEs affecting Firefox →

Thunderbird by Mozilla

View all CVEs affecting Thunderbird →

Thunderbird by Mozilla

View all CVEs affecting Thunderbird →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or malware installation.

🟠

Likely Case

Application crash (denial of service) or limited memory corruption that could be leveraged for further exploitation.

🟢

If Mitigated

Application crash with no data loss if proper sandboxing and exploit mitigations are enabled.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (viewing malicious content). Memory corruption vulnerabilities in browsers often lead to RCE chains.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 134+, Firefox ESR 128.6+, Thunderbird 134+, Thunderbird 128.6+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-01/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird. 2. Click menu → Help → About Firefox/Thunderbird. 3. Allow automatic update download and installation. 4. Restart the application when prompted.

🔧 Temporary Workarounds

Disable JavaScript

all

Reduces attack surface by disabling JavaScript execution, though this breaks many websites.

Use Content Security Policy

web servers

Implement strict CSP headers to restrict content sources.

🧯 If You Can't Patch

  • Restrict access to untrusted websites and email content
  • Enable enhanced security settings and sandboxing features

🔍 How to Verify

Check if Vulnerable:

Check application version in Help → About menu. If version is below patched versions, system is vulnerable.

Check Version:

firefox --version || thunderbird --version

Verify Fix Applied:

Confirm version is at or above Firefox 134, Firefox ESR 128.6, Thunderbird 134, or Thunderbird 128.6.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs
  • Segmentation fault errors
  • Unexpected process termination

Network Indicators:

  • Requests to suspicious domains containing crafted text payloads

SIEM Query:

source="*firefox*" OR source="*thunderbird*" AND (event="crash" OR event="segmentation fault")

📊 Metadata

CVE ID: CVE-2025-0241
CVSS v3 Score: 7.7 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
CWE: CWE-401
EPSS Score: 0.56% exploit probability (67.6th percentile)
Published: January 7, 2025
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-0241, you might also want to check these:

CVE-2021-40633 8.8

CVE-2021-40633 is a memory leak vulnerability in gif2rgb, a utility in giflib 5.1.4, allowing remote...

Same vulnerability type (CWE-401)
CVE-2021-3492 8.8

CVE-2021-3492 is a kernel vulnerability in Ubuntu's Shiftfs filesystem where improper error handling...

Same vulnerability type (CWE-401)
CVE-2024-25450 8.8

CVE-2024-25450 is a memory allocation vulnerability in imlib2 v1.9.1's init_imlib_fonts() function t...

Same vulnerability type (CWE-401)