CVE-2025-1931: 
NixOS vulnerability analysis and mitigation

CVE-2025-1931 is a high-impact security vulnerability discovered in Mozilla products, reported by security researcher sherkito. The vulnerability affects multiple versions of Mozilla software including Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. The issue was disclosed on March 4, 2025, and involves a use-after-free vulnerability in the content process side of a WebTransport connection (Mozilla Advisory).

The vulnerability is characterized as a use-after-free condition that occurs specifically in the WebTransportChild component of affected Mozilla products. The technical nature of the vulnerability involves memory management issues in the content process side of WebTransport connections, which could lead to a potentially exploitable crash (Mozilla Advisory).

The vulnerability has been assessed as having a high impact rating. When exploited, it can cause a crash in the affected applications, which could potentially be leveraged for arbitrary code execution. The issue affects both mainstream and extended support releases of Firefox, as well as Thunderbird email client (NVD).

Mozilla has addressed this vulnerability in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8. Users are advised to update their installations to these or later versions to mitigate the risk (Mozilla Advisory).