CVE-2025-1414

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1414
Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135.0.1.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1943179 Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-12/ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
History

13 Apr 2026, 15:16

Type Values Removed Values Added
Summary (en) Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135.0.1. (en) Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135.0.1.

28 Mar 2025, 19:05

Type Values Removed Values Added
First Time Mozilla firefox
Mozilla
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1943179 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1943179 - Issue Tracking, Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2025-12/ - () https://www.mozilla.org/security/advisories/mfsa2025-12/ - Vendor Advisory
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Summary
  • (es) Los errores de seguridad de la memoria presentes en Firefox 135. Algunos de estos errores mostraron evidencia de corrupción de la memoria y suponemos que con suficiente esfuerzo, algunos de estos podrían haber sido explotados para ejecutar código arbitrario. Esta vulnerabilidad afecta a Firefox &lt;135.0.1.

18 Feb 2025, 21:15

Type Values Removed Values Added
CWE CWE-787
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5

18 Feb 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-18 14:15

Updated : 2026-04-13 15:16

NVD link : CVE-2025-1414

Mitre link : CVE-2025-1414

CVE.ORG link : CVE-2025-1414

JSON object : View

Products Affected

mozilla

  • firefox
CWE
CWE-787

Out-of-bounds Write