CVE-2025-0241
Published: 07 January 2025
Summary
CVE-2025-0241 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in Mozilla Firefox. Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked at the 22.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates timely remediation of software flaws like this memory corruption vulnerability through patching to fixed versions such as Firefox 134.
Deploys memory protection mechanisms such as ASLR and DEP to safeguard against unauthorized memory access or execution resulting from text segmentation corruption.
Requires validation of information inputs like specially crafted text to block malformed data from reaching the vulnerable segmentation process.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Memory corruption in client-side Mozilla apps (browser/email) directly enables drive-by compromise and client-side exploitation for code execution.
NVD Description
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.
Deeper analysisAI
CVE-2025-0241 is a memory corruption vulnerability triggered during the segmentation of specially crafted text in Mozilla products. The flaw causes memory corruption that can lead to a potentially exploitable crash. It affects Firefox versions prior to 134, Firefox ESR versions prior to 128.6, Thunderbird versions prior to 134, and Thunderbird ESR versions prior to 128.6.
The vulnerability carries a CVSS v3.1 base score of 7.7 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L). Remote attackers with no required privileges or user interaction can exploit it over the network, though it demands high attack complexity. Successful exploitation enables high-impact confidentiality and integrity violations, such as unauthorized data access or modification, alongside low-impact availability disruption through a crash.
Mozilla advisories MFSA 2025-01, MFSA 2025-02, MFSA 2025-04, and MFSA 2025-05, along with Bugzilla entry 1933023, confirm the issue was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6. Users should update to these patched versions for mitigation.
Details
- CWE(s)