Search for vulnerabilities
Vulnerability details: VCID-bb9a-bqg4-8ufy
Vulnerability ID VCID-bb9a-bqg4-8ufy
Aliases CVE-2025-3030
Summary Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3030.json
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
epss 0.00086 https://api.first.org/data/v1/epss?cve=CVE-2025-3030
cvssv3.1 8.1 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494
ssvc Track https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494
cvssv3.1 8.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-20
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-22
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-23
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2025-24
cvssv3.1 8.1 https://www.mozilla.org/security/advisories/mfsa2025-20/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-20/
cvssv3.1 8.1 https://www.mozilla.org/security/advisories/mfsa2025-22/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-22/
cvssv3.1 8.1 https://www.mozilla.org/security/advisories/mfsa2025-23/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-23/
cvssv3.1 8.1 https://www.mozilla.org/security/advisories/mfsa2025-24/
ssvc Track https://www.mozilla.org/security/advisories/mfsa2025-24/
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3030.json
https://api.first.org/data/v1/epss?cve=CVE-2025-3030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3030
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2356563 https://bugzilla.redhat.com/show_bug.cgi?id=2356563
buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
CVE-2025-3030 https://nvd.nist.gov/vuln/detail/CVE-2025-3030
mfsa2025-20 https://www.mozilla.org/en-US/security/advisories/mfsa2025-20
mfsa2025-20 https://www.mozilla.org/security/advisories/mfsa2025-20/
mfsa2025-22 https://www.mozilla.org/en-US/security/advisories/mfsa2025-22
mfsa2025-22 https://www.mozilla.org/security/advisories/mfsa2025-22/
mfsa2025-23 https://www.mozilla.org/en-US/security/advisories/mfsa2025-23
mfsa2025-23 https://www.mozilla.org/security/advisories/mfsa2025-23/
mfsa2025-24 https://www.mozilla.org/en-US/security/advisories/mfsa2025-24
mfsa2025-24 https://www.mozilla.org/security/advisories/mfsa2025-24/
RHSA-2025:3556 https://access.redhat.com/errata/RHSA-2025:3556
RHSA-2025:3581 https://access.redhat.com/errata/RHSA-2025:3581
RHSA-2025:3582 https://access.redhat.com/errata/RHSA-2025:3582
RHSA-2025:3587 https://access.redhat.com/errata/RHSA-2025:3587
RHSA-2025:3589 https://access.redhat.com/errata/RHSA-2025:3589
RHSA-2025:3590 https://access.redhat.com/errata/RHSA-2025:3590
RHSA-2025:3620 https://access.redhat.com/errata/RHSA-2025:3620
RHSA-2025:3621 https://access.redhat.com/errata/RHSA-2025:3621
RHSA-2025:3623 https://access.redhat.com/errata/RHSA-2025:3623
RHSA-2025:3628 https://access.redhat.com/errata/RHSA-2025:3628
RHSA-2025:4026 https://access.redhat.com/errata/RHSA-2025:4026
RHSA-2025:4027 https://access.redhat.com/errata/RHSA-2025:4027
RHSA-2025:4028 https://access.redhat.com/errata/RHSA-2025:4028
RHSA-2025:4029 https://access.redhat.com/errata/RHSA-2025:4029
RHSA-2025:4030 https://access.redhat.com/errata/RHSA-2025:4030
RHSA-2025:4031 https://access.redhat.com/errata/RHSA-2025:4031
RHSA-2025:4032 https://access.redhat.com/errata/RHSA-2025:4032
RHSA-2025:4169 https://access.redhat.com/errata/RHSA-2025:4169
RHSA-2025:4170 https://access.redhat.com/errata/RHSA-2025:4170
RHSA-2025:7491 https://access.redhat.com/errata/RHSA-2025:7491
RHSA-2025:7493 https://access.redhat.com/errata/RHSA-2025:7493
USN-7663-1 https://usn.ubuntu.com/7663-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3030.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/ Found at https://bugzilla.mozilla.org/buglist.cgi?bug_id=1850615%2C1932468%2C1942551%2C1951017%2C1951494
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-20/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-20/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-22/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-22/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-23/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-23/
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-24/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-01T15:44:40Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-24/
Exploit Prediction Scoring System (EPSS)
Percentile 0.21077
EPSS Score 0.00067
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:22.831300+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2025/mfsa2025-22.yml 37.0.0