CVE-2025-9182

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to cause denial-of-service through memory exhaustion in Firefox and Thunderbird's WebRender graphics component. It affects all users running vulnerable versions of these applications, potentially crashing the browser or email client. The vulnerability is triggered by specially crafted web content.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
Versions: Firefox < 142, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 140.2
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable when using WebRender graphics backend.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete application crash requiring restart, potential loss of unsaved work, and system instability if memory exhaustion affects other processes.

🟠 Likely Case: Browser/email client becomes unresponsive and crashes, requiring manual restart and potentially losing active sessions or unsaved data.

🟢 If Mitigated: Application crash with no data compromise, limited to the affected application without system-wide impact.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user to visit malicious website or open malicious email content.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 142+, Firefox ESR 140.2+, Thunderbird 142+, Thunderbird 140.2+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-64/

Restart Required: Yes

Instructions:

1. Open Firefox/Thunderbird.
2. Click menu → Help → About Firefox/Thunderbird.
3. Allow the automatic update check and installation.
4. Restart the application when prompted.

🔧 Temporary Workarounds

Disable WebRender (platforms: all)
  Disable the WebRender graphics backend to prevent exploitation.
  Steps: about:config → set 'gfx.webrender.all' to false

Enable Content Security (platforms: all)
  Use NoScript or similar extensions to block untrusted JavaScript.

🧯 If You Can't Patch

  • Restrict browsing to trusted websites only
  • Disable JavaScript execution for untrusted sites

🔍 How to Verify

Check if Vulnerable:

Check version in About Firefox/Thunderbird dialog

Check Version:

firefox --version or thunderbird --version

Verify Fix Applied:

Confirm version is Firefox 142+, Firefox ESR 140.2+, Thunderbird 142+, or Thunderbird 140.2+
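To turn the version check above into something repeatable across a fleet, here is an added example (not part of the advisory) that classifies the output of firefox --version / thunderbird --version against the fixed versions listed on this page: mainline < 142 vulnerable, the 140.x ESR line < 140.2 vulnerable. It assumes the binaries print a string like "Mozilla Firefox 140.1.0esr"; the function and script names are my own.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Firefox/Thunderbird
# version string against the CVE-2025-9182 fixed versions.
# Assumes input like "Mozilla Firefox 140.1.0esr" or "Mozilla Thunderbird 141.0".

# Prints "vulnerable", "fixed" or "unknown" (unparseable input). Always returns 0.
cve_2025_9182_status() {
    ver=${1##* }            # last whitespace-separated field, e.g. "140.1.0esr"
    ver=${ver%esr}          # drop the ESR suffix -> "140.1.0"
    case "$ver" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # not a dotted number
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    [ "$rest" = "$ver" ] && rest=0      # bare "142" has no minor component
    minor=${rest%%.*}
    if [ "$major" -eq 140 ]; then
        # 140.x is the ESR line on this page: fixed in 140.2
        if [ "$minor" -lt 2 ]; then echo vulnerable; else echo fixed; fi
    elif [ "$major" -lt 142 ]; then
        echo vulnerable      # any older mainline release
    else
        echo fixed
    fi
}

# Report on whichever of the two binaries is installed on this host.
check_installed() {
    for bin in firefox thunderbird; do
        if command -v "$bin" >/dev/null 2>&1; then
            out=$("$bin" --version 2>/dev/null)
            printf '%s: %s -> %s\n' "$bin" "$out" "$(cve_2025_9182_status "$out")"
        fi
    done
}

check_installed
```

Feed it the version strings collected by your endpoint inventory if you cannot run the binaries directly; anything classed "unknown" should be inspected by hand.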

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs
  • Out of memory errors
  • WebRender process termination

Network Indicators:

  • Multiple rapid connections to suspicious domains
  • Unusual memory consumption patterns on the endpoint (a host indicator to correlate with the network activity above)

SIEM Query:

(source="firefox.log" OR source="thunderbird.log") AND ("out of memory" OR "WebRender" OR "crash")
