ГлавнаяУязвимости → CVE-2025-1942
9.8критическая

CVE-2025-1942

→ есть в БДУ: BDU:2025-02879 (на русском)
Описание (на английском; русское — в БДУ выше)

When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

Затрагиваемое ПО
Mozilla FirefoxMozilla Thunderbird
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://bugzilla.mozilla.org/show_bug.cgi?id=1947139https://www.mozilla.org/security/advisories/mfsa2025-14/https://www.mozilla.org/security/advisories/mfsa2025-17/