Login Sign Up

CVE-2025-0247

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

CVE-2025-0247 is a critical memory safety vulnerability in Firefox and Thunderbird that could allow attackers to execute arbitrary code through memory corruption. This affects all users running Firefox versions below 134 or Thunderbird versions below 134. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • Mozilla Firefox
  • Mozilla Thunderbird
Versions: Firefox < 134, Thunderbird < 134
Operating Systems: Windows, Linux, macOS, Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special settings or plugins required.

📦 What is this software?

Firefox by Mozilla

View all CVEs affecting Firefox →

Thunderbird by Mozilla

View all CVEs affecting Thunderbird →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Browser/email client crashes, potential data leakage, and limited code execution in sandboxed environments.

🟢

If Mitigated

Minimal impact if systems are patched, use application sandboxing, and have proper endpoint protection.

🌐 Internet-Facing: HIGH - Web browsers and email clients are directly exposed to internet content and malicious websites.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing emails or compromised internal websites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Memory corruption vulnerabilities in browsers are frequently weaponized. The CVSS score of 9.8 suggests high exploitability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 134, Thunderbird 134

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-01/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird. 2. Click menu → Help → About Firefox/Thunderbird. 3. Allow automatic update to version 134. 4. Restart the application.

🔧 Temporary Workarounds

Disable JavaScript

all

Temporarily disable JavaScript to reduce attack surface while waiting to patch

about:config → javascript.enabled = false

Use alternative browser

all

Switch to updated alternative browser until Firefox is patched

🧯 If You Can't Patch

  • Implement application whitelisting to block vulnerable Firefox/Thunderbird versions
  • Deploy network filtering to block malicious websites and restrict browser access

🔍 How to Verify

Check if Vulnerable:

Check Firefox/Thunderbird version in Help → About menu

Check Version:

firefox --version or thunderbird --version

Verify Fix Applied:

Confirm version is 134 or higher in Help → About menu

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unusual process spawning from Firefox/Thunderbird

Network Indicators:

  • Connections to suspicious domains after visiting websites
  • Unusual outbound traffic patterns

SIEM Query:

source="firefox.log" AND (event_type="crash" OR error="memory_corruption")

📊 Metadata

CVE ID: CVE-2025-0247
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-787
EPSS Score: 0.76% exploit probability (72.9th percentile)
Published: January 7, 2025
Last Updated: April 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-0247, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)