CVE-2025-1934

6.5 MEDIUM

📋 TL;DR

This vulnerability allows an attacker to interrupt RegExp bailout processing and execute additional JavaScript, potentially triggering unexpected garbage collection in the JavaScript engine. This affects Firefox, Firefox ESR, Thunderbird, and Thunderbird ESR users running outdated versions.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
  • Thunderbird ESR
Versions: Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, Thunderbird < 128.8
Operating Systems: Windows, macOS, Linux, All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. No special settings required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Arbitrary code execution leading to complete system compromise, data theft, or malware installation.

🟠 Likely Case

Browser crash, denial of service, or limited memory corruption leading to unstable application behavior.

🟢 If Mitigated

No impact if patched versions are deployed with proper security controls.

🌐 Internet-Facing: HIGH - Web browsers process untrusted content from the internet, making exploitation likely via malicious websites.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal sites, but attack surface is more limited.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires JavaScript execution but no authentication. Complexity is medium due to timing requirements for interrupting bailout processing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 136+, Firefox ESR 128.8+, Thunderbird 136+, Thunderbird ESR 128.8+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-14/

Restart Required: Yes

Instructions:

1. Open affected application.
2. Go to Help > About Firefox/Thunderbird.
3. Allow automatic update to complete.
4. Restart application when prompted.

🔧 Temporary Workarounds

Disable JavaScript (all platforms)

Temporarily disable JavaScript execution to prevent exploitation.

about:config > javascript.enabled = false

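Use Content Security Policy (all platforms)

Implement a strict CSP to limit script execution on web applications you operate. The header restricts which scripts can run on your own pages; it does not protect a browser that visits other sites.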

Content-Security-Policy: script-src 'self'

🧯 If You Can't Patch

  • Restrict access to untrusted websites and disable automatic JavaScript execution.
  • Implement network segmentation and monitor for unusual browser behavior or crashes.

🔍 How to Verify

Check if Vulnerable:

Check application version in Help > About Firefox/Thunderbird and compare with affected versions.

Check Version:

firefox --version or thunderbird --version

Verify Fix Applied:

Confirm version is Firefox 136+, Firefox ESR 128.8+, Thunderbird 136+, or Thunderbird ESR 128.8+.
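The version check above can be scripted. This is an added example, not part of the vendor advisory: the function name classify_version is hypothetical, the output shape "Mozilla Firefox <version>" is an assumption, and the thresholds are only the ones this page lists (136 and ESR 128.8).

```shell
#!/bin/sh
# Added example: classify `firefox --version` / `thunderbird --version`
# output against the fixed versions listed on this page
# (Firefox/Thunderbird 136+, ESR 128.8+).

# classify_version "<version output>"
# Prints "fixed", "vulnerable" or "unknown".
classify_version() {
    # Take the first dotted number, e.g. "128.7.0" from
    # "Mozilla Firefox 128.7.0esr" (assumed output shape).
    ver=$(printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9.]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }

    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then
        minor=0                      # bare major such as "136"
    else
        minor=${rest%%.*}
        minor=${minor:-0}
    fi

    # Compare numerically: as a string, "128.10" sorts before "128.8".
    if [ "$major" -ge 136 ]; then
        echo fixed
    elif [ "$major" -eq 128 ] && [ "$minor" -ge 8 ]; then
        echo fixed                   # ESR 128 branch at or past 128.8
    else
        echo vulnerable
    fi
}

# Check whichever of the two applications is on PATH.
for app in firefox thunderbird; do
    if command -v "$app" >/dev/null 2>&1; then
        out=$("$app" --version 2>/dev/null)
        echo "$app: $out -> $(classify_version "$out")"
    fi
done
```

Anything the script reports as "unknown" should be checked by hand in Help > About.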

📡 Detection & Monitoring

Log Indicators:

  • Application crashes, abnormal memory usage patterns, unexpected garbage collection events

Network Indicators:

  • Requests to known malicious domains hosting exploit code

SIEM Query:

source="browser_logs" AND (event="crash" OR event="memory_error") AND version<136
