CVE-2025-4093

Publication date 29 April 2025

Last updated 7 May 2025

Ubuntu priority

Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird < 128.10.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
thunderbird	25.04 plucky	Not affected
	24.10 oracular	Not affected
	24.04 LTS noble	Not affected
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-4093
https://www.mozilla.org/en-US/security/advisories/mfsa2025-29/#CVE-2025-4093
https://www.mozilla.org/en-US/security/advisories/mfsa2025-32/#CVE-2025-4093
https://bugzilla.mozilla.org/show_bug.cgi?id=1894100
https://www.mozilla.org/security/advisories/mfsa2025-29/
https://www.mozilla.org/security/advisories/mfsa2025-32/