CVE-2025-3608

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-3608
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability was fixed in Firefox 137.0.2.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1951554 Permissions Required
https://www.cve.org/CVERecord?id=CVE-2025-3608 Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2025-25/ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
History

13 Apr 2026, 15:16

Type Values Removed Values Added
Summary (en) A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability affects Firefox < 137.0.2. (en) A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability was fixed in Firefox 137.0.2.

21 May 2025, 19:48

Type Values Removed Values Added
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1951554 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1951554 - Permissions Required
References () https://www.cve.org/CVERecord?id=CVE-2025-3608 - () https://www.cve.org/CVERecord?id=CVE-2025-3608 - Third Party Advisory
References () https://www.mozilla.org/security/advisories/mfsa2025-25/ - () https://www.mozilla.org/security/advisories/mfsa2025-25/ - Vendor Advisory
CPE cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
First Time Mozilla firefox
Mozilla

18 Apr 2025, 15:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5

17 Apr 2025, 18:15

Type Values Removed Values Added
CWE CWE-362
Summary
  • (es) Existía una condición de ejecución en nsHttpTransaction que podría haberse explotado para causar corrupción de memoria, lo que podría dar lugar a una condición explotable. Esta vulnerabilidad afecta a Firefox anterior a la versión 137.0.2.

15 Apr 2025, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-15 13:15

Updated : 2026-04-13 15:16

NVD link : CVE-2025-3608

Mitre link : CVE-2025-3608

CVE.ORG link : CVE-2025-3608

JSON object : View

Products Affected

mozilla

  • firefox
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')