High severity7.3NVD Advisory· Published May 27, 2025· Updated Apr 13, 2026

CVE-2025-5272

Description

Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 139 and Thunderbird 139.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Mozilla Corporation/Firefox2 versions
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <139.0
- (no CPE)range: <139
Mozilla Corporation/Thunderbird2 versions
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*range: <139.0
- (no CPE)range: <139
osv-coords
pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
Range: < 139.0.1-1.1

Patches

Vulnerability mechanics

References

www.mozilla.org/security/advisories/mfsa2025-42/nvdVendor Advisory
bugzilla.mozilla.org/buglist.cginvdBroken Link
www.mozilla.org/security/advisories/mfsa2025-45/nvd

News mentions

No linked articles in our index yet.

cvss	0.474
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000