CVE-2025-1932

Summary

An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox128.8 <= 128.*unaffected
MozillaFirefox136 <= *unaffected
MozillaThunderbird128.8 <= 128.*unaffected
MozillaThunderbird136 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References