Wiz
Vulnerability DatabaseCVE-2025-5272

CVE-2025-5272
Mozilla Firefox vulnerability analysis and mitigation

Overview

CVE-2025-5272 is a moderate severity vulnerability affecting Firefox 138 and Thunderbird 138, discovered by the Mozilla Fuzzing Team and Andrew Osmond. The vulnerability was disclosed on May 27, 2025, and has been fixed in Firefox 139 and Thunderbird 139. The issue involves memory safety bugs that could potentially lead to memory corruption (Mozilla Advisory, NVD).

Technical details

The vulnerability is classified as a memory safety bug with a CVSS v3.1 base score of 7.3 (HIGH) according to CISA-ADP assessment. It is associated with CWE-787 (Out-of-bounds Write). The flaw could potentially be exploited to run arbitrary code if sufficient effort is applied to leverage the memory corruption conditions (NVD, Mozilla Advisory).

Impact

The vulnerability could potentially allow attackers to execute arbitrary code on affected systems through memory corruption exploitation. The impact is considered moderate, as these memory safety bugs showed evidence of memory corruption that could be potentially exploited with sufficient effort (Mozilla Advisory, GBHackers).

Mitigation and workarounds

The vulnerability has been fixed in Firefox 139 and Thunderbird 139. Users are strongly advised to update to the latest version to protect against potential exploitation. No specific workarounds have been provided for users who cannot immediately update (Mozilla Advisory).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo