Cyber Posture

CVE-2025-1932

Severity: High

Published: 04 March 2025
Modified: 13 April 2026
KEV Added: not listed
Patch: available (Firefox 136, Firefox ESR 128.8, Thunderbird 136, Thunderbird 128.8)
CVSS Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)
EPSS Score: 0.0018 (39.6th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-1932 is a high-severity out-of-bounds read (CWE-125) in the XSLT engine (xslt/txNodeSorter) of Mozilla Firefox, Firefox ESR and Thunderbird, caused by an inconsistent comparator used when sorting nodes. Its CVSS v3.1 base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189). EPSS ranks it at the 39.6th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation), i.e. updating to the fixed releases, and SI-5 (Security Alerts, Advisories, and Directives).

Threat & Defense at a Glance

What attackers do: exploitation maps to Drive-by Compromise (T1189) plus two related delivery techniques, Malicious Link (T1204.001) and Spearphishing Link (T1566.002). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

prevent: SI-2 Flaw Remediation. Directly requires timely remediation of software flaws like the inconsistent comparator in xslt/txNodeSorter, by updating to Firefox 136, Firefox ESR 128.8, Thunderbird 136 or Thunderbird 128.8.

detect: SI-5 Security Alerts, Advisories, and Directives. Ensures receipt and dissemination of vendor security advisories such as Mozilla's MFSA entries for CVE-2025-1932, enabling rapid flaw identification.

detect: vulnerability scanning. Supports scanning systems for Firefox/Thunderbird versions affected by the out-of-bounds read, so unpatched installs can be found and remediated.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1189 Drive-by Compromise (Initial Access): Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.
T1204.001 Malicious Link (Execution): An adversary may rely upon a user clicking a malicious link in order to gain execution.
T1566.002 Spearphishing Link (Initial Access): Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
Why these techniques?

The vulnerability is reachable remotely but requires user interaction: the victim must load malicious XSLT content in the browser or email client. That maps directly to drive-by compromise through a malicious website, to user execution of a malicious link, and to spearphishing links that lead to such content.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Deeper analysis (AI-generated)

CVE-2025-1932 stems from an inconsistent comparator in the xslt/txNodeSorter component: a comparator that does not impose a consistent ordering can drive the sort past the bounds of the node array, giving a potentially exploitable out-of-bounds access classified under CWE-125 (Out-of-bounds Read). It affects Firefox 122 and later, Firefox ESR and Thunderbird, and is fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136 and Thunderbird 128.8. The CVSS v3.1 base vector is AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H, for a score of 8.1 (High).

Exploitation is network-reachable, low in complexity and needs no privileges, but it does require user interaction: the victim must load attacker-controlled XSLT content in the browser or mail client. A successful exploit could read sensitive process memory (high confidentiality impact) or crash the application (high availability impact); integrity is not affected, and scope is unchanged, so the damage stays within the renderer process that loaded the content.

Mozilla's security advisories (MFSA 2025-14, 2025-16, 2025-17, and 2025-18) and the associated Bugzilla entry recommend updating to the patched versions—Firefox 136, Firefox ESR 128.8, Thunderbird 136, or Thunderbird 128.8—as the primary mitigation. No workarounds are specified in the provided details.

Details

CWE(s): CWE-125 Out-of-bounds Read

Affected Products

mozilla firefox: versions before 136.0 on the release channel and before 128.8.0 on the ESR channel (per the NVD description, only 122 and later are affected)
mozilla thunderbird: versions before 128.8.0, and 129.0 up to but not including 136.0
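
The vulnerability-scanning control above needs a correct notion of "affected", and the ESR branch makes a naive "below 136" check wrong: 128.8.0esr is patched although it is numerically below 136, while 128.7.0esr is not. The following Python checker is an added example, not Mozilla's or this tracker's code. It encodes the ranges from the NVD description (affected from 122 onward, fixed in 136 and in ESR 128.8) as half-open intervals, assumes Thunderbird shares the 122 lower bound with Firefox, and assumes the `--version` banner format shown in the sample strings; the sample banners are constructed, not captured from real hosts.

```python
"""Check whether an installed Firefox / Thunderbird build is in a version range
affected by CVE-2025-1932 (out-of-bounds read in xslt/txNodeSorter).

Added example, not Mozilla's or the tracker's code. Ranges follow the NVD
description: affected from 122 onward, fixed in 136 (release) and 128.8 (ESR).
Assumption: Thunderbird's lower bound is 122 as well.
"""
import re

# Affected ranges as [start_inclusive, end_exclusive) version tuples.
# The ESR branch (128.x) was fixed at 128.8.0, so 128.8.0 <= v < 129.0 is
# patched even though it is numerically below the 136.0 release fix.
AFFECTED_RANGES = {
    "firefox": [((122, 0, 0), (128, 8, 0)), ((129, 0, 0), (136, 0, 0))],
    # Assumed: same floor as Firefox (the page gives no Thunderbird lower bound).
    "thunderbird": [((122, 0, 0), (128, 8, 0)), ((129, 0, 0), (136, 0, 0))],
}

FIXED_IN = "136 (release) or 128.8 (ESR)"

# '128.8.0esr', '135.0.1', '136.0' or '136' -> three numeric groups, optional esr tag.
_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?$")


def parse_version(text):
    """Turn a Mozilla version string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) if x else 0 for x in m.group(1, 2, 3))
    return (major, minor, patch)


def is_affected(product, version_text):
    """True if product/version falls inside an affected range for CVE-2025-1932."""
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES[product.lower()])


# Assumed banner format of `firefox --version` / `thunderbird --version`.
_BANNER_RE = re.compile(r"^(Mozilla Firefox|Mozilla Thunderbird|Thunderbird)\s+(\S+)")


def check_banner(banner):
    """Parse a --version banner and return (product, version, affected)."""
    m = _BANNER_RE.match(banner.strip())
    if not m:
        raise ValueError(f"unrecognised banner: {banner!r}")
    product = "firefox" if "Firefox" in m.group(1) else "thunderbird"
    version = m.group(2)
    return product, version, is_affected(product, version)


# Constructed sample banners (not captured from any real host).
SAMPLE_BANNERS = [
    "Mozilla Firefox 121.0.1",     # before 122: never affected
    "Mozilla Firefox 135.0.1",     # release channel, unpatched
    "Mozilla Firefox 128.7.0esr",  # ESR, unpatched
    "Mozilla Firefox 128.8.0esr",  # ESR, patched
    "Mozilla Firefox 136.0",       # release, patched
    "Thunderbird 128.8.0esr",      # patched
]


def scan(banners=SAMPLE_BANNERS):
    """Return the (product, version) pairs that still need the fix."""
    vulnerable = []
    for banner in banners:
        product, version, affected = check_banner(banner)
        if affected:
            vulnerable.append((product, version))
    return vulnerable


if __name__ == "__main__":
    for product, version in scan():
        print(f"{product} {version}: affected by CVE-2025-1932, update to {FIXED_IN}")
```

On a fleet, feed `check_banner` the output of the browser binary's `--version` (or the version recorded by your inventory agent); the half-open ranges are the part worth copying, since a single "less than 136" comparison would flag every patched 128.8.x ESR install as vulnerable.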

CVEs Like This One

CVE-2026-2771 (same product: Mozilla Firefox)
CVE-2026-6762 (same product: Mozilla Firefox)
CVE-2026-0877 (same product: Mozilla Firefox)
CVE-2025-8043 (same product: Mozilla Firefox)
CVE-2026-6784 (same product: Mozilla Firefox)
CVE-2025-8034 (same product: Mozilla Firefox)
CVE-2026-2802 (same product: Mozilla Firefox)
CVE-2026-5735 (same product: Mozilla Firefox)
CVE-2026-6774 (same product: Mozilla Firefox)
CVE-2025-1012 (same product: Mozilla Firefox)

References

Mozilla Foundation Security Advisories MFSA 2025-14, MFSA 2025-16, MFSA 2025-17 and MFSA 2025-18, and the associated Mozilla Bugzilla entry, as cited in the analysis above.