CVE-2025-1932

8.1 HIGH

📋 TL;DR

A memory corruption vulnerability in Firefox and Thunderbird's XSLT processor could allow attackers to execute arbitrary code or cause denial of service. This affects Firefox versions before 136, Firefox ESR before 128.8, Thunderbird before 136, and Thunderbird ESR before 128.8.

💻 Affected Systems

Products:
  • Mozilla Firefox
  • Mozilla Firefox ESR
  • Mozilla Thunderbird
  • Mozilla Thunderbird ESR
Versions: Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, Thunderbird ESR < 128.8
Operating Systems: All platforms where affected versions run
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects versions 122 and later of the underlying XSLT component

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠 Likely Case: Browser/application crash (denial of service) or limited information disclosure

🟢 If Mitigated: No impact if patched or if exploit attempts are blocked by security controls

🌐 Internet-Facing: HIGH - Web browsers process untrusted content from the internet
🏢 Internal Only: MEDIUM - Internal web applications could potentially trigger the vulnerability

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires user to visit malicious website or open malicious email/attachment

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 136+, Firefox ESR 128.8+, Thunderbird 136+, Thunderbird ESR 128.8+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-14/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird.
2. Click menu → Help → About Firefox/Thunderbird.
3. Allow the automatic update to complete.
4. Restart the application.

🔧 Temporary Workarounds

Disable JavaScript
Platforms: all
Temporarily reduces attack surface but breaks most websites
Setting: about:config → javascript.enabled = false

Use alternative browser
Platforms: all
Switch to an updated or unaffected browser until patched

🧯 If You Can't Patch

  • Restrict access to untrusted websites and email attachments
  • Implement network filtering to block known malicious domains

🔍 How to Verify

Check if Vulnerable:

Check Help → About Firefox/Thunderbird for version number

Check Version:

firefox --version or thunderbird --version

Verify Fix Applied:

Confirm version is Firefox ≥136, Firefox ESR ≥128.8, Thunderbird ≥136, or Thunderbird ESR ≥128.8
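The version check above, as an added script that is not part of this advisory: it parses the banner printed by `firefox --version` / `thunderbird --version` (for example "Mozilla Firefox 128.7.0esr"), picks the matching fixed version from the table in this record, and does a numeric dotted-version comparison rather than a string compare (so 128.10 correctly sorts above 128.8). The sample banners at the bottom are constructed for illustration; on a real host call `check_banner "$(firefox --version)"`.

```shell
#!/bin/sh
# Fixed versions from this CVE record. Product tags are an assumption of this
# script: firefox, firefox-esr, thunderbird, thunderbird-esr.
fixed_version() {
  case "$1" in
    firefox)         echo "136.0" ;;
    firefox-esr)     echo "128.8" ;;
    thunderbird)     echo "136.0" ;;
    thunderbird-esr) echo "128.8" ;;
    *) return 1 ;;
  esac
}

# version_lt A B: exit 0 when dotted version A is numerically lower than B.
# Missing trailing components count as 0, so 136 == 136.0 == 136.0.0.
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, pa, "."); nb = split(b, pb, ".");
    n = (na > nb) ? na : nb;
    for (i = 1; i <= n; i++) {
      x = (i <= na) ? pa[i] + 0 : 0;
      y = (i <= nb) ? pb[i] + 0 : 0;
      if (x < y) exit 0;
      if (x > y) exit 1;
    }
    exit 1
  }'
}

# check_banner "Mozilla Firefox 128.7.0esr"
# Prints a verdict; returns 0 = vulnerable, 1 = fixed, 2 = unrecognised banner.
# Conservative: anything below the fixed version is flagged, even though the
# record notes only the XSLT component from version 122 onward is affected.
check_banner() {
  banner="$1"
  product=$(printf '%s' "$banner" | awk '{print tolower($2)}')
  ver=$(printf '%s' "$banner" | awk '{print $3}')
  case "$ver" in
    *esr) product="${product}-esr"; ver="${ver%esr}" ;;   # "128.7.0esr" -> ESR channel
  esac
  fixed=$(fixed_version "$product") || { echo "unknown ($banner)"; return 2; }
  if version_lt "$ver" "$fixed"; then
    echo "vulnerable ($product $ver < $fixed)"
    return 0
  fi
  echo "fixed ($product $ver >= $fixed)"
  return 1
}

# Constructed sample banners (not captured from real hosts) to show each outcome.
for sample in "Mozilla Firefox 128.7.0esr" "Mozilla Firefox 136.0" \
              "Mozilla Thunderbird 135.0.1" "Mozilla Thunderbird 128.8.0esr"; do
  check_banner "$sample" || :
done
```

The ESR channel is detected from the "esr" suffix in the banner, which is how Mozilla builds print it; without that suffix the script applies the mainline threshold of 136, so an ESR build whose banner has been altered would be compared against the wrong column.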

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with XSLT-related stack traces
  • Unexpected memory access errors in application logs

Network Indicators:

  • Requests to domains serving XSLT content
  • Unusual outbound connections after visiting websites

SIEM Query:

(source="firefox.log" OR source="thunderbird.log") AND ("crash" OR "segfault" OR "xslt" OR "txNodeSorter")

🔗 References
