CVE-2025-9182: 
NixOS vulnerability analysis and mitigation

CVE-2025-9182 is a denial-of-service vulnerability discovered in the Graphics: WebRender component affecting multiple Mozilla products. The vulnerability was disclosed on August 19, 2025, and affects Firefox versions prior to 142, Firefox ESR versions prior to 140.2, Thunderbird versions prior to 142, and Thunderbird ESR versions prior to 140.2. The vulnerability was reported by security researcher Irvan Kurniawan (Mozilla Advisory).

The vulnerability is classified as a denial-of-service condition caused by out-of-memory issues in the Graphics: WebRender component. It has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it can be exploited remotely with low attack complexity and requires no privileges or user interaction. The vulnerability is categorized under CWE-400 (Uncontrolled Resource Consumption) (Ubuntu CVE).

The vulnerability's primary impact is on system availability, with no direct effect on confidentiality or integrity. When successfully exploited, it can cause a denial-of-service condition by triggering out-of-memory errors in the WebRender component, potentially leading to application crashes or unresponsiveness (Red Hat Advisory).

Mozilla has addressed this vulnerability by releasing security updates: Firefox 142, Firefox ESR 140.2, Thunderbird 142, and Thunderbird ESR 140.2. Users are advised to update their installations to these versions or later to mitigate the vulnerability (Mozilla Advisory).