Mozilla Foundation Security Advisory 2025-72

Security Vulnerabilities fixed in Thunderbird 140.2

Announced

August 19, 2025

Impact

high

Products

Thunderbird

Fixed in

Thunderbird 140.2

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

#CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component

Reporter: Oskar
Impact: high

Description

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process.

References

Bug 1979527

#CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component

Reporter: Tom Van Goethem
Impact: high

Description

'Same-origin policy bypass in the Graphics: Canvas2D component.'

References

Bug 1979782

#CVE-2025-9181: Uninitialized memory in the JavaScript Engine component

Reporter: Irvan Kurniawan
Impact: moderate

Description

Uninitialized memory in the JavaScript Engine component.

References

Bug 1977130

#CVE-2025-9182: Denial-of-service due to out-of-memory in the Graphics: WebRender component

Reporter: Irvan Kurniawan
Impact: low

Description

'Denial-of-service due to out-of-memory in the Graphics: WebRender component.'

References

Bug 1975837

#CVE-2025-9184: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Reporter: Paul Bone, Ryan VanderMeulen and the Mozilla Fuzzing Team
Impact: high

Description

Memory safety bugs present in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

#CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Reporter: The Mozilla Fuzzing Team
Impact: high

Description

Memory safety bugs present in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Blog