CVE-2025-11710
CRITICALMozilla Firefox < 115.29.0 - Information Disclosure
Title source: ruleDescription
A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.
References (8)
Core 8
Core References
Issue Tracking, Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1989899
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-81/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-82/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-83/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-84/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-85/
Scores
CVSS v3
9.8
EPSS
0.0011
EPSS Percentile
28.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-200
Status
published
Products (8)
mozilla/firefox
< 115.29.0
mozilla/firefox
< 144.0
Mozilla/Firefox
115.29 - 115.*
Mozilla/Firefox
140.4 - 140.*
Mozilla/Firefox
144
mozilla/thunderbird
< 140.4.0
Mozilla/Thunderbird
140.4 - 140.*
Mozilla/Thunderbird
144
Published
Oct 14, 2025
Tracked Since
Feb 18, 2026