Vulnerability Details CVE-2025-11719
Starting in Thunderbird 143, the use of the native messaging API by web extensions on Windows could lead to crashes caused by use-after-free memory corruption. This vulnerability was fixed in Firefox 144 and Thunderbird 144.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.7%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2025-11719
-
cpe:2.3:a:mozilla:firefox:143.0
-
cpe:2.3:a:mozilla:thunderbird:143.0
-
cpe:2.3:a:mozilla:thunderbird:143.0.1
-
cpe:2.3:o:microsoft:windows:-