VDB
CESS-2025-1942
CESS-2025-1942
PUBLISHED
CVSS 9.8 CRITICAL
When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
- Mar 4, 2025 CVE Published