CVE-2025-1942 · CRITICAL 9.8 · EPSS p35.4%

Description

When String.toUpperCase() caused a string to get longer, it was possible for uninitialized memory to be incorporated into the result string. This vulnerability was fixed in Firefox 136 and Thunderbird 136.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.45% probability of exploitation · percentile 35.4% · 2026-06-18T12:00:27Z
Published: 2025-03-04
Last modified: 2026-04-13

Underlying weaknesses · 1

CWE-908

References

  1. https://bugzilla.mozilla.org/show_bug.cgi?id=1947139
  2. https://www.mozilla.org/security/advisories/mfsa2025-14/
  3. https://www.mozilla.org/security/advisories/mfsa2025-17/

Type | Target | Confidence | Tier
Weakness | Use of Uninitialized Resource (cwe-908) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-1943
CVE: CVE-2026-4716
CVE: CVE-2025-4091
CVE: CVE-2025-9187
CVE: CVE-2025-11721
CVE: CVE-2026-2806

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.