Main Vulnerability Database Vulnerabilities #VU105324

#VU105324 Information disclosure in Mozilla Firefox and Firefox for Android - CVE-2025-1942

Published: March 5, 2025

Vulnerability identifier: #VU105324

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-1942

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox
Firefox for Android

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application within the String.toUpperCase() function, which includes parts of uninitialized memory into the result output. A remote attacker can gain unauthorized access to sensitive information.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/
https://bugzilla.mozilla.org/show_bug.cgi?id=1947139

#VU105324 Information disclosure in Mozilla Firefox and Firefox for Android - CVE-2025-1942

Description

Remediation

External links

Please verify you're human