Search for vulnerabilities
Vulnerability details: VCID-8121-3cdm-ayc8
Vulnerability ID VCID-8121-3cdm-ayc8
Aliases CVE-2025-3030
Summary firefox: thunderbird: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3030.json
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0006 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.0007 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
cvssv3.1 8.1 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494
ssvc Track https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494
cvssv3.1 8.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-20
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-22
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-23
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-24
cvssv3.1 8.1 https://www.mozilla.org/security/advisories/mfsa2025-20/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-20/
cvssv3.1 8.1 https://www.mozilla.org/security/advisories/mfsa2025-22/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-22/
cvssv3.1 8.1 https://www.mozilla.org/security/advisories/mfsa2025-23/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-23/
cvssv3.1 8.1 https://www.mozilla.org/security/advisories/mfsa2025-24/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-24/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3030.json
https://api.first.org/data/v1/epss?cve=CVE-2025-3030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3030
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2356563 https://bugzilla.redhat.com/show_bug.cgi?id=2356563
buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2025-3030 https://nvd.nist.gov/vuln/detail/CVE-2025-3030
GLSA-202505-02 https://security.gentoo.org/glsa/202505-02
GLSA-202505-03 https://security.gentoo.org/glsa/202505-03
mfsa2025-20 https://www.mozilla.org/en-US/security/advisories/mfsa2025-20
mfsa2025-20 https://www.mozilla.org/security/advisories/mfsa2025-20/
mfsa2025-22 https://www.mozilla.org/en-US/security/advisories/mfsa2025-22
mfsa2025-22 https://www.mozilla.org/security/advisories/mfsa2025-22/
mfsa2025-23 https://www.mozilla.org/en-US/security/advisories/mfsa2025-23
mfsa2025-23 https://www.mozilla.org/security/advisories/mfsa2025-23/
mfsa2025-24 https://www.mozilla.org/en-US/security/advisories/mfsa2025-24
mfsa2025-24 https://www.mozilla.org/security/advisories/mfsa2025-24/
RHSA-2025:3556 https://access.redhat.com/errata/RHSA-2025:3556
RHSA-2025:3581 https://access.redhat.com/errata/RHSA-2025:3581
RHSA-2025:3582 https://access.redhat.com/errata/RHSA-2025:3582
RHSA-2025:3587 https://access.redhat.com/errata/RHSA-2025:3587
RHSA-2025:3589 https://access.redhat.com/errata/RHSA-2025:3589
RHSA-2025:3590 https://access.redhat.com/errata/RHSA-2025:3590
RHSA-2025:3620 https://access.redhat.com/errata/RHSA-2025:3620
RHSA-2025:3621 https://access.redhat.com/errata/RHSA-2025:3621
RHSA-2025:3623 https://access.redhat.com/errata/RHSA-2025:3623
RHSA-2025:3628 https://access.redhat.com/errata/RHSA-2025:3628
RHSA-2025:4026 https://access.redhat.com/errata/RHSA-2025:4026
RHSA-2025:4027 https://access.redhat.com/errata/RHSA-2025:4027
RHSA-2025:4028 https://access.redhat.com/errata/RHSA-2025:4028
RHSA-2025:4029 https://access.redhat.com/errata/RHSA-2025:4029
RHSA-2025:4030 https://access.redhat.com/errata/RHSA-2025:4030
RHSA-2025:4031 https://access.redhat.com/errata/RHSA-2025:4031
RHSA-2025:4032 https://access.redhat.com/errata/RHSA-2025:4032
RHSA-2025:4169 https://access.redhat.com/errata/RHSA-2025:4169
RHSA-2025:4170 https://access.redhat.com/errata/RHSA-2025:4170
RHSA-2025:7491 https://access.redhat.com/errata/RHSA-2025:7491
RHSA-2025:7493 https://access.redhat.com/errata/RHSA-2025:7493
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3030.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/ Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-20/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-20/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-22/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-22/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-23/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-23/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-24/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-24/
Exploit Prediction Scoring System (EPSS)
Percentile 0.11057
EPSS Score 0.00046
Published At April 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-04-03T09:59:14.566067+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3030.json 36.0.0