VDB

CESS-2025-1942

CESS-2025-1942 PUBLISHED CVSS 9.8 CRITICAL

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

Risk Scores

CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

  • Mar 4, 2025 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›