{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6424", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-06-20T14:51:26.620Z", "datePublished": "2025-06-24T12:27:59.669Z", "dateUpdated": "2026-04-13T14:26:04.861Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "115.25", "lessThanOrEqual": "115.*", "versionType": "rpm"}, {"status": "unaffected", "version": "128.12", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "140", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.12", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "140", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12."}]}], "title": "Use-after-free in FontFaceSet", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966423"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-52/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-53/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-55/"}], "credits": [{"lang": "en", "value": "LJP and HexRabbit (DEVCORE Research Team)"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:26:04.861Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-25T12:36:06.501007Z", "id": "CVE-2025-6424", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T12:42:03.245Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00029.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:06:57.283Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00029.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:06:57.283Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-6424", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-25T12:36:06.501007Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-25T12:36:38.938Z"}}], "cna": {"title": "Use-after-free in FontFaceSet", "credits": [{"lang": "en", "value": "LJP and HexRabbit (DEVCORE Research Team)"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "115.25", "versionType": "rpm", "lessThanOrEqual": "115.*"}, {"status": "unaffected", "version": "128.12", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "140", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.12", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "140", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966423"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-52/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-53/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-55/"}], "descriptions": [{"lang": "en", "value": "A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.", "supportingMedia": [{"type": "text/html", "value": "A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:26:04.861Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6424", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:26:04.861Z", "dateReserved": "2025-06-20T14:51:26.620Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-06-24T12:27:59.669Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "CC066347-9B64-4991-AD04-A52785491963", "versionEndExcluding": "115.25.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "77D2BF2A-26A3-4664-93B5-B41BCF17AC9E", "versionEndExcluding": "140.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "152204C0-14F9-4342-8BDF-EE016A70C203", "versionEndExcluding": "128.12.0", "versionStartIncluding": "116.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability was fixed in Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12."}, {"lang": "es", "value": "Use-after-free en FontFaceSet provoc\u00f3 un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 140, Firefox ESR < 115.25 y Firefox ESR < 128.12."}], "id": "CVE-2025-6424", "lastModified": "2026-04-13T15:17:06.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-06-24T13:15:23.273", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966423"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-51/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-52/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-53/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2025-54/"}, {"source": "security@mozilla.org", "url": "https://www.mozilla.org/security/advisories/mfsa2025-55/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00002.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:10073", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "firefox-0:128.12.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10195", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "thunderbird-0:128.12.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10181", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.12.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10074", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.12.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10246", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.12.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10166", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.12.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10182", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:128.12.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10165", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.12.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10184", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:128.12.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10164", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.12.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10183", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:128.12.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10164", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.12.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10183", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:128.12.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10164", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.12.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10183", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:128.12.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10163", "cpe": "cpe:/a:redhat:rhel_tus:8.8", "package": "thunderbird-0:128.12.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10186", "cpe": "cpe:/a:redhat:rhel_tus:8.8", "package": "firefox-0:128.12.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10163", "cpe": "cpe:/a:redhat:rhel_e4s:8.8", "package": "thunderbird-0:128.12.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10186", "cpe": "cpe:/a:redhat:rhel_e4s:8.8", "package": "firefox-0:128.12.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10072", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.12.0-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10196", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.12.0-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10161", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.12.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10187", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:128.12.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10160", "cpe": "cpe:/a:redhat:rhel_e4s:9.2", "package": "thunderbird-0:128.12.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10185", "cpe": "cpe:/a:redhat:rhel_e4s:9.2", "package": "firefox-0:128.12.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-07-02T00:00:00Z"}, {"advisory": "RHSA-2025:10159", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.12.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-07-01T00:00:00Z"}, {"advisory": "RHSA-2025:10188", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "firefox-0:128.12.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-07-02T00:00:00Z"}], "bugzilla": {"description": "firefox: thunderbird: Use-after-free in FontFaceSet", "id": "2374559", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374559"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.", "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue:\nA use-after-free in FontFaceSet resulted in a potentially exploitable crash."], "name": "CVE-2025-6424", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/thunderbird-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2025-06-24T12:27:59Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6424\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6424\nhttps://www.mozilla.org/security/advisories/mfsa2025-53/#CVE-2025-6424"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-20T20:28:32.325653+00:00", "value": {"mitigation_remediation": ["Apply an update to Firefox\u202f140 or the ESR equivalents 115.25 or 128.12, and to Thunderbird\u202f140 or 128.12.", "If updating is temporarily infeasible, run the affected browsers in a restricted sandbox to limit the impact of a potential crash.", "Continuously monitor crash logs and system stability reports for evidence of unexpected termination that may indicate exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "Crash (Denial of Service)"}, "threat_synthesis": {"affected_systems": "The bug affects Mozilla Firefox and Thunderbird across their main releases and ESR branches. The advisory lists fixes in Firefox\u202f140, Firefox\u202fESR\u202f115.25, and Firefox\u202fESR\u202f128.12, as well as in Thunderbird\u202f140 and Thunderbird\u202f128.12. All earlier versions are vulnerable.", "description_and_impact": "A use\u2011after\u2011free flaw exists in the FontFaceSet handling code. The flaw can cause a malformed memory access that leads to a browser crash, which may be exploited to cause a denial of service. The vulnerability is categorized as CWE\u2011416, a memory corruption weakness.", "risk_and_exploitability": "The CVSS score of 9.8 signals a high\u2011severity flaw. The EPSS score of 1\u202f% reflects a low, but non\u2011negligible, likelihood of exploitation. The advisory does not state whether this vulnerability is remotely exploitable; therefore the attack vector remains unspecified. The flaw is not listed in CISA\u2019s KEV catalog, so no widespread exploits are currently known."}}}}, "created": "2025-07-06T22:16:32.406826+00:00", "updated": "2026-04-20T20:30:16.074432+00:00", "vendors": ["mozilla", "mozilla$PRODUCT$firefox", "mozilla$PRODUCT$firefox_esr"]}