{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1942", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-03-04T12:29:51.191Z", "datePublished": "2025-03-04T13:31:25.504Z", "dateUpdated": "2026-04-13T14:30:28.192Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "136", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "136", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136."}]}], "title": "Disclosure of uninitialized memory when .toUpperCase() causes string to get longer", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1947139"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/"}], "credits": [{"lang": "en", "value": "anbu"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:28.192Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-908", "lang": "en", "description": "CWE-908 Use of Uninitialized Resource"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-25T14:08:58.588635Z", "id": "CVE-2025-1942", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T14:10:00.285Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-1942", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-25T14:08:58.588635Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-908", "description": "CWE-908 Use of Uninitialized Resource"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T15:45:14.531Z"}}], "cna": {"title": "Disclosure of uninitialized memory when .toUpperCase() causes string to get longer", "credits": [{"lang": "en", "value": "anbu"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "136", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "136", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1947139"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-14/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-17/"}], "descriptions": [{"lang": "en", "value": "When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.", "supportingMedia": [{"type": "text/html", "value": "When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:30:28.192Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1942", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:30:28.192Z", "dateReserved": "2025-03-04T12:29:51.191Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-03-04T13:31:25.504Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DB4CDD0-EC54-43D0-ACB2-F159ABA53D2C", "versionEndExcluding": "136.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "43A02EBD-58CF-4057-A3D7-3828B599D954", "versionEndExcluding": "136.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136."}, {"lang": "es", "value": "Cuando String.toUpperCase() hac\u00eda que una cadena se hiciera m\u00e1s larga, era posible que la memoria no inicializada se incorporara a la cadena de resultado. Esta vulnerabilidad afecta a Firefox < 136 y Thunderbird < 136."}], "id": "CVE-2025-1942", "lastModified": "2026-04-13T15:16:53.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-04T14:15:39.167", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1947139"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-14/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-17/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: Disclosure of uninitialized memory when .toUpperCase() causes string to get longer", "id": "2349791", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349791"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-824", "details": ["When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird < 136.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When String.toUpperCase() causes a string to get longer, it is possible for uninitialized memory to be incorporated into the result string."], "name": "CVE-2025-1942", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-03-04T13:31:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1942\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1942\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1947139\nhttps://www.mozilla.org/security/advisories/mfsa2025-14/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T18:22:49.200660+00:00", "value": {"mitigation_remediation": ["Upgrade Mozilla Firefox and Mozilla Thunderbird to version 136 or later.", "Restart the browser after the upgrade to ensure the new binary is loaded.", "Configure the update client to apply future patches automatically to avoid similar issues."], "summary": {"action": "Apply patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox and Mozilla Thunderbird are affected before version 136. Any installation of these products running a version earlier than 136 is vulnerable. Versions 136 and later contain the mitigation and are not impacted.", "description_and_impact": "When the method String.toUpperCase() expands a string\u2019s length, the resulting string can contain portions of memory that were never initialized, exposing potentially sensitive data. This flaw is classified as uninitialized memory read and buffer misuse (CWE-824, CWE-908). The assessment reflects a CVSS score of 9.8. The vulnerability allows an attacker to retrieve arbitrary data from memory through the manipulated string.", "risk_and_exploitability": "The EPSS score of \"< 1%\" implies a very low historical exploitation probability, and the vulnerability is not listed in CISA\u2019s KEV catalog. The attack path depends on gaining the ability to trigger a locale\u2011aware uppercase operation, which may arise from malicious web content, local scripts, or extensions. While the documentation does not specify the exact vector, it is reasonable to infer that the flaw can be exercised in both local and remote contexts where the application processes user\u2011supplied strings. The combination of a high CVSS score and low exploitation likelihood suggests a moderate to high risk that should be addressed promptly."}}}}, "created": "2026-04-20T18:30:13.979317+00:00", "updated": "2026-04-20T18:30:13.979332+00:00", "vendors": []}