CVE Vulnerabilities

CVE-2025-1942

Use of Uninitialized Resource

Published: Mar 04, 2025 | Modified: Mar 28, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
6.3 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Ubuntu
MEDIUM

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird < 136.

Weakness

The product uses or accesses a resource that has not been initialized.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 136.0 (excluding)
Thunderbird Mozilla * 136.0 (excluding)
Firefox Ubuntu focal *
Mozjs102 Ubuntu esm-apps/noble *
Mozjs102 Ubuntu jammy *
Mozjs102 Ubuntu noble *
Mozjs115 Ubuntu devel *
Mozjs115 Ubuntu noble *
Mozjs115 Ubuntu oracular *
Mozjs52 Ubuntu esm-infra/bionic *
Mozjs52 Ubuntu focal *
Mozjs68 Ubuntu focal *
Mozjs78 Ubuntu jammy *
Mozjs91 Ubuntu jammy *
Thunderbird Ubuntu focal *
Thunderbird Ubuntu jammy *

Potential Mitigations

References