DEBIAN-CVE-2025-0243

DEBIAN-CVE-2025-0243 PUBLISHED CVSS 5.099999904632568 MEDIUM

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.

Risk Scores

CVSS 3.1

5.099999904632568

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:13	firefox-esr	0, 0
Debian:12	firefox-esr	115.6.0esr-1~deb10u1, 115.6.0esr-1, 115.5.0esr-1~deb12u1
Debian:14	thunderbird	0, 0
Debian:13	thunderbird	0, 0
Debian:14	firefox-esr	0, 0
Debian:11	firefox-esr	, , *
Debian:12	thunderbird	0, 1:102.11.0-1, 1:102.12.0-1
Debian:11	thunderbird	, , *

Exploit Intelligence

seen_cves.json (github-poc)

Timeline

Jan 7, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-0243 advisory

Open in Interactive Console →