CVE-2025-8035: 
NixOS vulnerability analysis and mitigation

CVE-2025-8035 is a memory safety vulnerability discovered in multiple Mozilla products, including Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140, and Thunderbird 140. The vulnerability was reported by the Mozilla Fuzzing Team and disclosed on July 22, 2025 (Mozilla Advisory).

The vulnerability involves memory safety bugs that showed evidence of memory corruption. The issue has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a high severity rating. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (NVD).

The memory corruption issues could potentially be exploited to run arbitrary code on affected systems. While these flaws cannot typically be exploited through email in Thunderbird due to disabled scripting when reading mail, they remain potential risks in browser or browser-like contexts (Mozilla Advisory).

The vulnerability has been fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird ESR 128.13, and Thunderbird ESR 140.1. Users are advised to update their software to these latest versions to mitigate the risk (Mozilla Advisory).