{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3032", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-03-31T09:35:27.921Z", "datePublished": "2025-04-01T12:29:03.420Z", "dateUpdated": "2026-04-13T14:29:30.510Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "137", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "137", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137."}]}], "title": "Leaking file descriptors from the fork server", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1949987"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-20/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-23/"}], "credits": [{"lang": "en", "value": "Thinker Li"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:29:30.510Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-3032", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-02T03:55:34.171157Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-403", "description": "CWE-403 Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T18:29:04.359Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-3032", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-02T03:55:34.171157Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-403", "description": "CWE-403 Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T18:37:13.590Z"}}], "cna": {"title": "Leaking file descriptors from the fork server", "credits": [{"lang": "en", "value": "Thinker Li"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "137", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "137", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1949987"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-20/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-23/"}], "descriptions": [{"lang": "en", "value": "Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.", "supportingMedia": [{"type": "text/html", "value": "Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:29:30.510Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3032", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:29:30.510Z", "dateReserved": "2025-03-31T09:35:27.921Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-04-01T12:29:03.420Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AD89C53-6274-4CA4-B450-444E8D6F82EB", "versionEndExcluding": "137.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "A16B6929-C99F-4E1A-994B-44543C0D5B5A", "versionEndExcluding": "137.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability was fixed in Firefox 137 and Thunderbird 137."}, {"lang": "es", "value": "La filtraci\u00f3n de descriptores de archivos del servidor de bifurcaci\u00f3n a los procesos de contenido web podr\u00eda permitir ataques de escalada de privilegios. Esta vulnerabilidad afecta a Firefox (versi\u00f3n anterior a la 137) y Thunderbird (versi\u00f3n anterior a la 137)."}], "id": "CVE-2025-3032", "lastModified": "2026-04-13T15:16:56.993", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-04-01T13:15:41.587", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1949987"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-20/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-23/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-403"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "thunderbird: firefox: Leaking file descriptors from the fork server", "id": "2356558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356558"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-497", "details": ["Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks."], "name": "CVE-2025-3032", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-01T12:29:03Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-3032\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-3032\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1949987\nhttps://www.mozilla.org/security/advisories/mfsa2025-20/\nhttps://www.mozilla.org/security/advisories/mfsa2025-23/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T18:16:10.096003+00:00", "value": {"mitigation_remediation": ["Update Firefox to version 137 or newer", "Update Thunderbird to version 137 or newer", "Apply security updates regularly and monitor for unusual file descriptor activity"], "summary": {"action": "Apply Patches", "impact": "Privilege Escalation via leaked file descriptors"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox and Mozilla Thunderbird are affected. The flaw has been fixed in Firefox version 137 and Thunderbird version 137. Earlier releases of these browsers remain vulnerable.", "description_and_impact": "The vulnerability involves the fork server leaking file descriptors to web content processes. This defect permits an attacker to gain unauthorized access to privileged resources, potentially elevating privileges or executing malicious code. The weakness is an access control flaw that allows a less privileged process to read or manipulate file descriptors beyond its intended scope. The impact is a breach of confidentiality, integrity, and availability of system resources, with the ability to compromise the entire system if the attacker is on the same host.", "risk_and_exploitability": "The CVSS score of 7.4 indicates a high severity vulnerability. EPSS indicates a very low probability of exploitation (< 1%) at the time of analysis, and the vulnerability is not currently listed in CISA KEV. The likely attack requires local access to the fork server, which can be reached by privileged web content processes. Without an exploit, remote attackers cannot leverage this flaw; however, a local attacker can use it to upgrade privileges and potentially hijack system resources."}}}}, "created": "2026-04-20T18:30:13.975509+00:00", "updated": "2026-04-20T18:30:13.975539+00:00", "vendors": []}