CVE-2025-8040

HIGH
2025-07-22 [email protected]
Mozilla RCE Buffer Overflow Thunderbird
8.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Apr 13, 2026 - 15:42 vuln.today

DescriptionNVD

Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

AnalysisAI

Memory corruption in Mozilla Firefox 140 and Thunderbird 140 (including ESR versions) allows remote code execution when users interact with malicious web content. Affected versions include Firefox ESR 140.0, Firefox 140, Thunderbird ESR 140.0, and Thunderbird 140. With CVSS 8.8 and requiring only user interaction (no authentication), this represents a significant threat to enterprise and consumer users. No public exploit identified at time of analysis, though Mozilla confirmed memory corruption evidence suggesting exploitability with sufficient attacker effort. Vendor-released patches available in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1.

Share

CVE-2025-8040 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy