Vulnerability Details CVE-2025-5262
A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 139 and Thunderbird < 128.11.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.7%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-5262
- cpe:2.3:a:mozilla:thunderbird:-
- cpe:2.3:a:mozilla:thunderbird:115.10.2
- cpe:2.3:a:mozilla:thunderbird:115.11.0
- cpe:2.3:a:mozilla:thunderbird:115.11.1
- cpe:2.3:a:mozilla:thunderbird:115.12.1
- cpe:2.3:a:mozilla:thunderbird:115.12.2
- cpe:2.3:a:mozilla:thunderbird:115.13.0
- cpe:2.3:a:mozilla:thunderbird:115.14.0
- cpe:2.3:a:mozilla:thunderbird:115.16.0
- cpe:2.3:a:mozilla:thunderbird:115.16.1
- cpe:2.3:a:mozilla:thunderbird:115.16.2
- cpe:2.3:a:mozilla:thunderbird:115.16.3
- cpe:2.3:a:mozilla:thunderbird:115.18.0
- cpe:2.3:a:mozilla:thunderbird:128.0.1
- cpe:2.3:a:mozilla:thunderbird:128.1.0
- cpe:2.3:a:mozilla:thunderbird:128.1.1
- cpe:2.3:a:mozilla:thunderbird:128.2.0
- cpe:2.3:a:mozilla:thunderbird:128.2.1
- cpe:2.3:a:mozilla:thunderbird:128.2.2
- cpe:2.3:a:mozilla:thunderbird:128.2.3
- cpe:2.3:a:mozilla:thunderbird:128.3.0
- cpe:2.3:a:mozilla:thunderbird:128.3.1
- cpe:2.3:a:mozilla:thunderbird:128.3.2
- cpe:2.3:a:mozilla:thunderbird:128.3.3
- cpe:2.3:a:mozilla:thunderbird:128.4.0
- cpe:2.3:a:mozilla:thunderbird:128.4.1
- cpe:2.3:a:mozilla:thunderbird:128.4.2
- cpe:2.3:a:mozilla:thunderbird:128.4.3
- cpe:2.3:a:mozilla:thunderbird:128.4.4
- cpe:2.3:a:mozilla:thunderbird:128.5.0
- cpe:2.3:a:mozilla:thunderbird:128.5.1
- cpe:2.3:a:mozilla:thunderbird:128.5.2
- cpe:2.3:a:mozilla:thunderbird:128.6.0
- cpe:2.3:a:mozilla:thunderbird:128.7.0
- cpe:2.3:a:mozilla:thunderbird:135.0