{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1930", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-03-04T12:29:23.496Z", "datePublished": "2025-03-04T13:31:22.418Z", "dateUpdated": "2026-04-13T14:27:31.484Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "115.21", "lessThanOrEqual": "115.*", "versionType": "rpm"}, {"status": "unaffected", "version": "128.8", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "136", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.8", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "136", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8."}]}], "title": "AudioIPC StreamData could trigger a use-after-free in the Browser process", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1902309"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-15/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/"}], "credits": [{"lang": "en", "value": "dalmurino"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:27:31.484Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-05T16:42:08.694291Z", "id": "CVE-2025-1930", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-05T16:42:55.992Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-1930", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-05T16:42:08.694291Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-05T16:42:49.571Z"}}], "cna": {"title": "AudioIPC StreamData could trigger a use-after-free in the Browser process", "credits": [{"lang": "en", "value": "dalmurino"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "115.21", "versionType": "rpm", "lessThanOrEqual": "115.*"}, {"status": "unaffected", "version": "128.8", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "136", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.8", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "136", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1902309"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-15/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-16/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-18/"}], "descriptions": [{"lang": "en", "value": "On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.", "supportingMedia": [{"type": "text/html", "value": "On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:27:31.484Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1930", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:27:31.484Z", "dateReserved": "2025-03-04T12:29:23.496Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-03-04T13:31:22.418Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "68BC8333-E840-48AF-A5A1-44D7D74F244A", "versionEndExcluding": "115.21.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DB4CDD0-EC54-43D0-ACB2-F159ABA53D2C", "versionEndExcluding": "136.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "4F666780-2794-46E3-86C5-3C0406FB2B34", "versionEndExcluding": "128.8.0", "versionStartIncluding": "116.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "C6A9A47A-A666-43B6-8816-69AF92B19A00", "versionEndExcluding": "128.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "7651BA82-6007-4432-BF12-25A9987FB816", "versionEndExcluding": "136.0", "versionStartExcluding": "1.28.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8."}, {"lang": "es", "value": "En Windows, un proceso de contenido comprometido podr\u00eda usar datos StreamData err\u00f3neos enviados a trav\u00e9s de AudioIPC para activar un proceso de use-after-free en el proceso del navegador. Esto podr\u00eda haber provocado un escape de la zona protegida. Esta vulnerabilidad afecta a Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136 y Thunderbird < 128.8."}], "id": "CVE-2025-1930", "lastModified": "2026-04-13T15:16:51.590", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-04T14:15:37.850", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1902309"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-14/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-15/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-16/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-17/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-18/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:2699", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.8.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:2452", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.8.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-06T00:00:00Z"}, {"advisory": "RHSA-2025:2708", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:128.8.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:2484", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:128.8.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2484", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:128.8.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2484", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:128.8.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2485", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:128.8.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2485", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:128.8.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2485", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:128.8.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2486", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "firefox-0:128.8.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2359", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.8.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-05T00:00:00Z"}, {"advisory": "RHSA-2025:2481", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:128.8.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2480", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:128.8.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2479", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "firefox-0:128.8.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-03-10T00:00:00Z"}], "bugzilla": {"description": "firefox: AudioIPC StreamData could trigger a use-after-free in the Browser process", "id": "2349787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349787"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8."], "name": "CVE-2025-1930", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-04T13:31:22Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1930\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1930\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1902309\nhttps://www.mozilla.org/security/advisories/mfsa2025-14/\nhttps://www.mozilla.org/security/advisories/mfsa2025-15/\nhttps://www.mozilla.org/security/advisories/mfsa2025-16/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-20T23:42:19.806141+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version 136 or newer, or to Firefox ESR\u202f115.21 or 128.8.", "Upgrade Thunderbird to version 136 or newer, or to Thunderbird ESR\u202f128.8.", "If an upgrade cannot be performed immediately, configure the browser to restrict or disable audio stream processing from untrusted content to prevent the use\u2011after\u2011free trigger."], "summary": {"action": "Patch Now", "impact": "Sandbox Escape"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox and Thunderbird running on Windows are affected. The vulnerability is present in all versions before Firefox\u00a0136 (or Firefox\u00a0ESR\u00a0115.21/128.8) and before Thunderbird\u00a0136 (or Thunderbird\u00a0ESR\u00a0128.8). Upgrading to those patched releases removes the flaw.", "description_and_impact": "A malformed StreamData sent over AudioIPC from a content process can trigger a use\u2011after\u2011free in the Browser process on Windows, which could allow an attacker to escape the browser sandbox and execute code with the Browser\u2019s elevated privileges. The primary impact is a sandbox escape, and the underlying weakness is a use\u2011after\u2011free (CWE\u2011416).", "risk_and_exploitability": "With a CVSS score of 8.8 the issue is classified as high severity, while the EPSS score of less than 1% indicates a low probability of exploitation at the time of this analysis. The vulnerability is not listed in CISA\u2019s KEV catalog. The likely attack vector is a Windows system where a content process can read audio data, such as a web page or a local file, and inject crafted StreamData that triggers the use\u2011after\u2011free in the Browser process."}}}}, "created": "2026-04-20T23:45:21.608121+00:00", "updated": "2026-04-20T23:45:21.608131+00:00", "vendors": []}