CVE-2025-1942

Summary

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox136 <= *unaffected
MozillaThunderbird136 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References