CVE-2025-9179

Critical

Published: 19 August 2025

Published

19 August 2025

Modified

13 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0017 38.4th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-9179 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Mozilla Firefox. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 38.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

SI-2 mandates timely flaw remediation through patching, directly addressing the memory corruption vulnerability fixed in updated Firefox and Thunderbird versions.

SI-16 Memory Protection good match

prevent

SI-16 provides memory protection mechanisms like ASLR and DEP to prevent exploitation of memory corruption (CWE-119) in the GMP process.

SC-39 Process Isolation partial match

prevent

SC-39 enforces process isolation via the GMP sandbox, limiting the scope of compromise despite differing privileges from the content process.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution

Adversaries may exploit software vulnerabilities in client applications to execute code.

attack.mitre.org →

Why these techniques?

Memory corruption in sandboxed browser GMP process directly enables client-side exploitation for code execution (T1203).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR…

115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2.

Deeper analysisAI

CVE-2025-9179 is a memory corruption vulnerability (CWE-119) in the GMP process, which handles encrypted media in Mozilla Firefox and Thunderbird. This process is heavily sandboxed but maintains slightly different privileges compared to the content process. The issue affects Firefox and Thunderbird versions prior to Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14, Firefox ESR 140.2, Thunderbird 142, Thunderbird 128.14, and Thunderbird 140.2. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.

A remote attacker can exploit this vulnerability over the network with low attack complexity, requiring no privileges or user interaction. Exploitation enables memory corruption within the sandboxed GMP process, potentially compromising confidentiality, integrity, and availability to a high degree due to the privilege differences from the content process.

Mozilla security advisories MFSA2025-64, MFSA2025-65, MFSA2025-66, and MFSA2025-67, along with Bugzilla entry 1979527, detail the patches applied in the listed fixed versions of Firefox and Thunderbird to mitigate the vulnerability.

Details

CWE(s): CWE-119

Affected Products

mozilla

firefox

≤ 115.27.0 · ≤ 142.0 · 128.0 — 128.14.0

mozilla

thunderbird

≤ 128.14.0 · ≤ 142.0 · 140.0 — 140.2.0

CVEs Like This One

CVE-2026-4710Same product: Mozilla Firefox

CVE-2025-9185Same product: Mozilla Firefox

CVE-2025-8035Same product: Mozilla Firefox

CVE-2025-9184Same product: Mozilla Firefox

CVE-2026-0891Same product: Mozilla Firefox

CVE-2026-5731Same product: Mozilla Firefox

CVE-2026-6752Same product: Mozilla Firefox

CVE-2026-0892Same product: Mozilla Firefox

CVE-2026-6776Same product: Mozilla Firefox

CVE-2026-2779Same product: Mozilla Firefox

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1979527
Issue Tracking, Permissions Required · security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2025-64/
Vendor Advisory · security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2025-65/
Vendor Advisory · security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2025-66/
Vendor Advisory · security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2025-67/
Vendor Advisory · security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2025-70/
Vendor Advisory · security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2025-71/
Vendor Advisory · security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2025-72/
Vendor Advisory · security@mozilla.org
https://lists.debian.org/debian-lts-announce/2025/08/msg00016.html
af854a3a-2127-422b-91ae-364da2661108
https://lists.debian.org/debian-lts-announce/2025/08/msg00018.html
af854a3a-2127-422b-91ae-364da2661108