CVE-2025-8035: Vulnerability in Mozilla Firefox
Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1.
AI Analysis
Technical Summary
CVE-2025-8035 encompasses multiple memory safety bugs in Mozilla Firefox and Thunderbird versions prior to Firefox 141 and Thunderbird 141, including ESR releases 128.12 and 140.0. These bugs involve memory corruption issues that, with sufficient effort, could allow arbitrary code execution. The vulnerabilities are categorized under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). Mozilla has released official patches in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird ESR 128.13, and Thunderbird ESR 140.1 to address these issues. The CVSS v3.1 base score is 8.8, indicating high severity, with attack vector network, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation of these memory safety bugs could lead to arbitrary code execution, potentially compromising the confidentiality, integrity, and availability of affected systems. The vulnerabilities affect widely used Firefox and Thunderbird versions, posing a significant risk if unpatched. No known active exploits have been reported, but the high CVSS score reflects the critical nature of the underlying memory corruption issues.
Mitigation Recommendations
Mozilla has released official patches addressing CVE-2025-8035 in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird ESR 128.13, and Thunderbird ESR 140.1. Users and administrators should update affected Firefox and Thunderbird installations to these fixed versions or later. No vendor advisory indicates that action is unnecessary or that the issue is mitigated without patching. The vendor advisory confirms the patch status.
Technical Details
- Data Version: 5.1
- Assigner Short Name: mozilla
- Date Reserved: 2025-07-22T10:14:02.025Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 687ffd50a915ff00f7fb599e
Added to database: 7/22/2025, 9:06:24 PM
Last enriched: 4/14/2026, 11:53:56 AM
Last updated: 5/8/2026, 10:43:24 PM