CVE-2025-9179_CVE-2025-9179

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.

Basic Information

ID CVE-2025-9179

Source mozilla

Published Aug 19, 2025 at 20:33

Modified Aug 20, 2025 at 15:18

Affected Product

Vendor Mozilla

Product Firefox

Version unspecified

Affected Versions Mozilla Firefox unspecified
Mozilla Firefox ESR unspecified
Mozilla Firefox ESR unspecified
Mozilla Firefox ESR unspecified
Mozilla Thunderbird unspecified
Mozilla Thunderbird unspecified
Mozilla Thunderbird unspecified

CWE Classification

CWE-119

References

{
    "lastseen": "",
    "description": "An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2.",
    "published": "2025-08-19T20:33:53.949Z",
    "modified": "2025-08-20T15:18:57.429Z",
    "type": "cve",
    "title": "CVE-2025-9179",
    "source": "mozilla",
    "references": "https://bugzilla.mozilla.org/show_bug.cgi?id=1979527\nhttps://www.mozilla.org/security/advisories/mfsa2025-64/\nhttps://www.mozilla.org/security/advisories/mfsa2025-65/\nhttps://www.mozilla.org/security/advisories/mfsa2025-66/\nhttps://www.mozilla.org/security/advisories/mfsa2025-67/\nhttps://www.mozilla.org/security/advisories/mfsa2025-70/\nhttps://www.mozilla.org/security/advisories/mfsa2025-71/\nhttps://www.mozilla.org/security/advisories/mfsa2025-72/",
    "id": "CVE-2025-9179",
    "bulletinFamily": "",
    "cwe": [
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Mozilla Firefox unspecified\nMozilla Firefox ESR unspecified\nMozilla Firefox ESR unspecified\nMozilla Firefox ESR unspecified\nMozilla Thunderbird unspecified\nMozilla Thunderbird unspecified\nMozilla Thunderbird unspecified",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Firefox",
    "version": "unspecified",
    "vendor": "Mozilla",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}