High severity7.4NVD Advisory· Published Apr 1, 2025· Updated Apr 13, 2026
CVE-2025-3032
CVE-2025-3032
Description
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <137.0
- (no CPE)range: <=137
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <137.0
- (no CPE)range: <=137
- osv-coords2 versions
< 140.5.0-r0+ 1 more
- (no CPE)range: < 140.5.0-r0
- (no CPE)range: < 137.0-1.1
Patches
Vulnerability mechanics
References
3- www.mozilla.org/security/advisories/mfsa2025-20/nvdVendor Advisory
- www.mozilla.org/security/advisories/mfsa2025-23/nvdVendor Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPermissions Required
News mentions
0No linked articles in our index yet.