CVE-2025-1931
Published: 04 March 2025
Summary
CVE-2025-1931 is a high-severity Use After Free (CWE-416) vulnerability in Mozilla Firefox. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 40.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and patching of the use-after-free flaw in Firefox and Thunderbird WebTransport, directly mitigating the CVE through software updates to fixed versions.
Implements memory protections like ASLR, DEP, and stack guards that prevent exploitation of use-after-free vulnerabilities by blocking unauthorized code execution in corrupted memory.
Enforces process isolation for browser content processes, limiting the scope and impact of crashes or potential exploits from WebTransport connections.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
UAF in browser content process enables remote crash for DoS via application exploitation (T1499.004) and potentially client-side code execution (T1203) as foundation for further compromise.
NVD Description
It was possible to cause a use-after-free in the content process side of a WebTransport connection, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
Deeper analysisAI
CVE-2025-1931 is a use-after-free vulnerability (CWE-416) occurring in the content process side of a WebTransport connection within Mozilla Firefox and Thunderbird products. This flaw enables a potentially exploitable crash and affects versions of Firefox prior to 136, Firefox ESR prior to 115.21 and 128.8, and Thunderbird prior to 136 and 128.8. The issue was publicly disclosed on March 4, 2025.
With a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), the vulnerability can be exploited remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation leads to a denial-of-service condition through a crash in the browser's content process, which may serve as a foundation for further compromise given its potentially exploitable nature.
Mozilla resolved the vulnerability in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8. Security practitioners should review Mozilla Security Advisories MFSA 2025-14, MFSA 2025-15, MFSA 2025-16, and MFSA 2025-17, along with Bugzilla entry 1944126, for patch deployment guidance and additional technical details.
Details
- CWE(s)