Main Vulnerability Database Vulnerabilities #VU105324

Information disclosure in Mozilla Firefox and Firefox for Android - CVE-2025-1942

Published: March 5, 2025

Vulnerability identifier: #VU105324

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-1942

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox
Firefox for Android

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application within the String.toUpperCase() function, which includes parts of uninitialized memory into the result output. A remote attacker can gain unauthorized access to sensitive information.

How to mitigate CVE-2025-1942

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/
https://bugzilla.mozilla.org/show_bug.cgi?id=1947139

Information disclosure in Mozilla Firefox and Firefox for Android - CVE-2025-1942

Detailed vulnerability description

How to mitigate CVE-2025-1942

Sources

Please verify you're human