// For flags

CVE-2025-6424

firefox: thunderbird: Use-after-free in FontFaceSet

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, Firefox ESR < 128.12, Thunderbird < 140, and Thunderbird < 128.12.

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue:
A use-after-free in FontFaceSet resulted in a potentially exploitable crash.

This update for MozillaFirefox fixes the following issues. Use-after-free in FontFaceSet The WebCompat WebExtension shipped with Firefox exposed a persistent UUID No warning when opening executable terminal files on macOS Incorrect parsing of URLs could have allowed embedding of youtube.com Content-Disposition header ignored when a file is included in an embed or object tag.

*Credits: LJP and HexRabbit (DEVCORE Research Team)
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2025-06-20 CVE Reserved
  • 2025-06-24 CVE Published
  • 2025-07-02 CVE Updated
  • 2025-07-03 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-416: Use After Free
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
Firefox
Search vendor "Mozilla" for product "Firefox"
*-
Affected
Mozilla
Search vendor "Mozilla"
Firefox Esr
Search vendor "Mozilla" for product "Firefox Esr"
*-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
*-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
*-
Affected
Opensuse
Search vendor "Opensuse"
Leap
Search vendor "Opensuse" for product "Leap"
*-
Affected
Slackware
Search vendor "Slackware"
Slackware Linux
Search vendor "Slackware" for product "Slackware Linux"
*-
Affected
Suse
Search vendor "Suse"
Sle-module-desktop-applications
Search vendor "Suse" for product "Sle-module-desktop-applications"
*-
Affected
Suse
Search vendor "Suse"
Sle Hpc-espos
Search vendor "Suse" for product "Sle Hpc-espos"
*-
Affected
Suse
Search vendor "Suse"
Sle Hpc-ltss
Search vendor "Suse" for product "Sle Hpc-ltss"
*-
Affected
Suse
Search vendor "Suse"
Sle Hpc
Search vendor "Suse" for product "Sle Hpc"
*-
Affected
Suse
Search vendor "Suse"
Sled
Search vendor "Suse" for product "Sled"
*-
Affected
Suse
Search vendor "Suse"
Sles-ltss-extended-security
Search vendor "Suse" for product "Sles-ltss-extended-security"
*-
Affected
Suse
Search vendor "Suse"
Sles-ltss
Search vendor "Suse" for product "Sles-ltss"
*-
Affected
Suse
Search vendor "Suse"
Sles
Search vendor "Suse" for product "Sles"
*-
Affected
Suse
Search vendor "Suse"
Sles Sap
Search vendor "Suse" for product "Sles Sap"
*-
Affected