CVE-2025-1938

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-1938

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-1938.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-1938

Downstream

DEBIAN-CVE-2025-1938

DLA-4078-1

DLA-4081-1

DSA-5874-1

DSA-5876-1

OESA-2025-1265

OESA-2025-1266

OESA-2025-1267

OESA-2025-1268

OESA-2025-1835

RHSA-2025:2359

RHSA-2025:2452

RHSA-2025:2479

RHSA-2025:2480

RHSA-2025:2481

RHSA-2025:2484

RHSA-2025:2485

RHSA-2025:2486

RHSA-2025:2699

RHSA-2025:2708

RHSA-2025:2899

RHSA-2025:2900

RHSA-2025:2957

RHSA-2025:2958

RHSA-2025:2959

RHSA-2025:2960

RHSA-2025:3009

RHSA-2025:3013

RHSA-2025:3036

RLSA-2025:2452

RLSA-2025:2900

SUSE-SU-2025:0783-1

SUSE-SU-2025:0788-1

SUSE-SU-2025:0849-1

UBUNTU-CVE-2025-1938

USN-7663-1

openSUSE-SU-2025:14852-1

openSUSE-SU-2025:14853-1

openSUSE-SU-2025:14861-1

Related

Published

2025-03-04T14:15:38Z

Modified

2025-08-09T19:01:26Z

Summary

[none]

Details

Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

References

Affected packages