Critical severity 9.8 · NVD Advisory · Published Mar 4, 2025 · Updated Apr 13, 2026
CVE-2025-1942
Description
When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.
Affected products (5)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* range: <136.0
- (no CPE) range: <136
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* range: <136.0
- (no CPE) range: <136
References (3)
- www.mozilla.org/security/advisories/mfsa2025-14/ (NVD, Vendor Advisory)
- www.mozilla.org/security/advisories/mfsa2025-17/ (NVD, Vendor Advisory)
- bugzilla.mozilla.org/show_bug.cgi (NVD, Issue Tracking)