Security Advisory

CVE-2025-1930

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-04 13:31:22

Last updated 2025-03-05 16:42:55

Assigner mozilla

State PUBLISHED

Description

On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.

← Browse all CVEs View on cve.org ↗