CVE-2025-11719: Vulnerability in Mozilla Firefox
Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability was fixed in Firefox 144 and Thunderbird 144.
AI Analysis
Technical Summary
Starting in Firefox and Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to use-after-free memory corruption, causing application crashes. This vulnerability (CVE-2025-11719) was addressed and fixed in Firefox 144 and Thunderbird 144. The issue is classified under CWE-416 (Use After Free) and has a CVSS v3.1 base score of 9.8, reflecting its critical severity with network attack vector, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. The vendor advisory confirms the fix and recommends updating to version 144 or later.
Potential Impact
Successful exploitation of this vulnerability could cause crashes in Firefox or Thunderbird on Windows due to use-after-free memory corruption. The CVSS score of 9.8 indicates that the vulnerability could potentially allow an attacker to execute arbitrary code or cause denial of service, impacting confidentiality, integrity, and availability. However, no known exploits are reported in the wild. The vulnerability affects users running versions 143 of Firefox or Thunderbird on Windows platforms.
Mitigation Recommendations
Mozilla has released official fixes for this vulnerability in Firefox 144 and Thunderbird 144. Users and administrators should update affected products to version 144 or later to remediate this issue. Since the vulnerability is patched, no additional mitigation steps are required beyond applying the official updates.
CVE-2025-11719: Vulnerability in Mozilla Firefox
Description
Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability was fixed in Firefox 144 and Thunderbird 144.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Starting in Firefox and Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to use-after-free memory corruption, causing application crashes. This vulnerability (CVE-2025-11719) was addressed and fixed in Firefox 144 and Thunderbird 144. The issue is classified under CWE-416 (Use After Free) and has a CVSS v3.1 base score of 9.8, reflecting its critical severity with network attack vector, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. The vendor advisory confirms the fix and recommends updating to version 144 or later.
Potential Impact
Successful exploitation of this vulnerability could cause crashes in Firefox or Thunderbird on Windows due to use-after-free memory corruption. The CVSS score of 9.8 indicates that the vulnerability could potentially allow an attacker to execute arbitrary code or cause denial of service, impacting confidentiality, integrity, and availability. However, no known exploits are reported in the wild. The vulnerability affects users running versions 143 of Firefox or Thunderbird on Windows platforms.
Mitigation Recommendations
Mozilla has released official fixes for this vulnerability in Firefox 144 and Thunderbird 144. Users and administrators should update affected products to version 144 or later to remediate this issue. Since the vulnerability is patched, no additional mitigation steps are required beyond applying the official updates.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-10-13T19:50:20.373Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 68ee47d0509368ccaa6fc9a3
Added to database: 10/14/2025, 12:53:36 PM
Last enriched: 4/14/2026, 11:36:32 AM
Last updated: 5/9/2026, 11:16:55 PM
Views: 221
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.