CVE-2025-3030: 
NixOS vulnerability analysis and mitigation

CVE-2025-3030 is a memory safety vulnerability discovered in Mozilla Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. The vulnerability was disclosed on April 1, 2025, and affects multiple versions of Mozilla's web browser and email client products. The issue was identified by Sylvestre Ledru, Paul Bone, and the Mozilla Fuzzing Team (Mozilla Advisory).

The vulnerability is characterized by memory safety bugs that show evidence of memory corruption. The issue has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified as CWE-416 (Use After Free) (NVD).

The memory safety bugs could potentially be exploited to run arbitrary code on affected systems. The vulnerability affects multiple versions of Mozilla products including Firefox versions prior to 137, Firefox ESR versions prior to 128.9, Thunderbird versions prior to 137, and Thunderbird ESR versions prior to 128.9 (Mozilla Advisory).

Mozilla has released fixes for this vulnerability in Firefox 137, Firefox ESR 128.9, Thunderbird 137, and Thunderbird ESR 128.9. Users are strongly advised to update to these versions or later to mitigate the vulnerability (Mozilla Advisory).