CVE-2025-11719

9.8 CRITICAL

📋 TL;DR

A use-after-free vulnerability in Thunderbird's native messaging API on Windows allows memory corruption when web extensions interact with the API. This affects Firefox versions before 144 and Thunderbird versions before 144, potentially leading to crashes or arbitrary code execution.

💻 Affected Systems

Products:
  • Mozilla Firefox
  • Mozilla Thunderbird
Versions: Firefox < 144, Thunderbird < 144 (starting from Thunderbird 143)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows systems; requires web extensions using native messaging API.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the Thunderbird/Firefox process, potentially leading to full system compromise.

🟠 Likely Case

Application crashes (denial of service) and potential memory corruption leading to information disclosure or limited code execution.

🟢 If Mitigated

Application crashes only, with no code execution due to sandboxing or exploit mitigations.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires triggering the vulnerable API through web extensions, which may need user interaction or specific extension configurations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 144, Thunderbird 144

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-81/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird.
2. Go to Help > About Firefox/Thunderbird.
3. Allow the application to check for and install updates.
4. Restart the application when prompted.

🔧 Temporary Workarounds

Disable Native Messaging API

Platform: Windows

Prevent web extensions from using the vulnerable native messaging API by disabling it via configuration.

Not applicable; configure via about:config in Firefox/Thunderbird.

🧯 If You Can't Patch

  • Restrict or audit web extensions that use native messaging API.
  • Implement application sandboxing or exploit mitigation tools (e.g., EMET, Windows Defender Exploit Guard).

🔍 How to Verify

Check if Vulnerable:

Check the application version in Help > About Firefox/Thunderbird; if version is less than 144, it is vulnerable.

Check Version:

firefox --version or thunderbird --version

Verify Fix Applied:

Confirm the application version is 144 or higher after updating.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs with memory corruption errors
  • Unexpected process termination of Firefox/Thunderbird

Network Indicators:

  • Unusual network activity from Firefox/Thunderbird processes post-crash

SIEM Query:

(EventID=1000 OR EventID=1001) AND Source='Application Error' AND (Process Name='firefox.exe' OR Process Name='thunderbird.exe')
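The SIEM query above expressed as a PowerShell check against the Windows Application log, as an added example (not part of the original page or of Mozilla's advisory). It assumes the standard Application Error event 1000 data layout (faulting application name, version and module in the event data) and read access to the Application log on the host.

```powershell
# Added example: list recent Firefox/Thunderbird crash events and flag builds below 144.
# Event ID 1000 (provider "Application Error") records the faulting application,
# its version and the faulting module; 1001 (provider "Windows Error Reporting")
# records the WER report for the same crash.
# Assumption: run on the affected Windows host with rights to read the Application log.
$apps = 'firefox.exe', 'thunderbird.exe'

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Application Error', 'Windows Error Reporting'
    Id           = 1000, 1001
    StartTime    = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

$hits = foreach ($e in $events) {
    # Match on the message text so the same check works for both providers.
    $app = $apps | Where-Object { $e.Message -match [regex]::Escape($_) } | Select-Object -First 1
    if (-not $app) { continue }

    $version = $null; $module = $null; $unpatched = $null
    if ($e.Id -eq 1000) {
        # Assumed Application Error 1000 data layout:
        # [0] faulting app name, [1] app version, [3] faulting module name.
        $version = [string]$e.Properties[1].Value
        $module  = [string]$e.Properties[3].Value
        # Crash reports carry a 4-part file version, e.g. 143.0.1.9212; the major
        # component is the release number the advisory compares against (< 144).
        $parsed = $null
        if ([version]::TryParse($version, [ref]$parsed)) {
            $unpatched = $parsed.Major -lt 144
        }
    }

    [pscustomobject]@{
        Time      = $e.TimeCreated
        EventId   = $e.Id
        Provider  = $e.ProviderName
        App       = $app
        Version   = $version
        Module    = $module
        Unpatched = $unpatched   # $true: crashing build predates the fix; $null: not a 1000 event
    }
}

$hits | Sort-Object Time -Descending | Format-Table -AutoSize
```

A crash alone does not prove exploitation; a run of 1000 events for an Unpatched build, especially with a native messaging host or extension in use, is the signal worth escalating.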
