CVE-2025-1930: Vulnerability in Mozilla Firefox
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
AI Analysis
Technical Summary
CVE-2025-1930 is a use-after-free vulnerability affecting Mozilla Firefox on Windows platforms. It occurs when a compromised content process sends malformed StreamData via AudioIPC, causing the Browser process to dereference freed memory. This memory safety issue could lead to sandbox escape, elevating privileges beyond the content process. The vulnerability is tracked under CWE-416 and has a CVSS 3.1 base score of 8.8 (high severity) with network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability. Mozilla addressed this vulnerability in Firefox 136 and corresponding ESR and Thunderbird versions.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker controlling a compromised content process to escape the browser sandbox on Windows, potentially leading to arbitrary code execution with elevated privileges. This elevates the risk of system compromise beyond the browser context. No known exploits in the wild have been reported at the time of disclosure.
Mitigation Recommendations
This vulnerability has been fixed by Mozilla in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8. Users and administrators should update to these versions or later to remediate the issue. Since official fixes are available, applying these updates is the recommended and effective mitigation. Patch status is confirmed by Mozilla advisories linked in the vendor advisory content.
CVE-2025-1930: Vulnerability in Mozilla Firefox
Description
On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-1930 is a use-after-free vulnerability affecting Mozilla Firefox on Windows platforms. It occurs when a compromised content process sends malformed StreamData via AudioIPC, causing the Browser process to dereference freed memory. This memory safety issue could lead to sandbox escape, elevating privileges beyond the content process. The vulnerability is tracked under CWE-416 and has a CVSS 3.1 base score of 8.8 (high severity) with network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability. Mozilla addressed this vulnerability in Firefox 136 and corresponding ESR and Thunderbird versions.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker controlling a compromised content process to escape the browser sandbox on Windows, potentially leading to arbitrary code execution with elevated privileges. This elevates the risk of system compromise beyond the browser context. No known exploits in the wild have been reported at the time of disclosure.
Mitigation Recommendations
This vulnerability has been fixed by Mozilla in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8. Users and administrators should update to these versions or later to remediate the issue. Since official fixes are available, applying these updates is the recommended and effective mitigation. Patch status is confirmed by Mozilla advisories linked in the vendor advisory content.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-03-04T12:29:23.496Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.mozilla.org/security/advisories/mfsa2025-14/","vendor":"Mozilla"},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-15/","vendor":"Mozilla"},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-16/","vendor":"Mozilla"},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-17/","vendor":"Mozilla"},{"url":"https://www.mozilla.org/security/advisories/mfsa2025-18/","vendor":"Mozilla"}]
Threat ID: 69dd057382d89c981f016fad
Added to database: 4/13/2026, 3:02:11 PM
Last enriched: 4/13/2026, 3:17:31 PM
Last updated: 4/14/2026, 6:03:41 AM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.