CVE-2025-4093
Publication date 29 April 2025
Last updated 24 September 2025
Ubuntu priority
Description
Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird < 128.10.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| thunderbird | 25.04 plucky |
Not affected
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Fixed 1:128.12.0+build1-0ubuntu0.22.04.1
|
|
| 20.04 LTS focal | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.1 · High
|
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-7663-1
- Thunderbird vulnerabilities
- 22 July 2025
Other references
- https://www.cve.org/CVERecord?id=CVE-2025-4093
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4093
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4093
- https://bugzilla.mozilla.org/show_bug.cgi?id=1894100
- https://www.mozilla.org/security/advisories/mfsa2025-29/
- https://www.mozilla.org/security/advisories/mfsa2025-32/