Security Advisory

CVE-2025-1930

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-04 13:31:22

Last updated 2026-04-13 14:27:31

Assigner mozilla

State PUBLISHED

Description

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8.

← Browse all CVEs View on cve.org ↗