| Name | CVE-2025-9179 |
| Description | An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability affects Firefox < 142, Firefox ESR < 115.27, Firefox ESR < 128.14, Firefox ESR < 140.2, Thunderbird < 142, Thunderbird < 128.14, and Thunderbird < 140.2. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-4277-1, DLA-4279-1, DSA-5980-1, DSA-5984-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| firefox (PTS) | sid | 142.0.1-1 | fixed |
| firefox-esr (PTS) | bullseye | 115.14.0esr-1~deb11u1 | vulnerable |
| bullseye (security) | 128.14.0esr-1~deb11u1 | fixed | |
| bookworm, bookworm (security) | 128.14.0esr-1~deb12u1 | fixed | |
| trixie (security), trixie | 128.14.0esr-1~deb13u1 | fixed | |
| forky, sid | 128.14.0esr-1 | fixed | |
| thunderbird (PTS) | bullseye | 1:115.12.0-1~deb11u1 | vulnerable |
| bullseye (security) | 1:128.14.0esr-1~deb11u1 | fixed | |
| bookworm, bookworm (security) | 1:128.14.0esr-1~deb12u1 | fixed | |
| trixie (security), trixie | 1:128.14.0esr-1~deb13u1 | fixed | |
| forky, sid | 1:128.14.0esr-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| firefox | source | (unstable) | 142.0-1 | |||
| firefox-esr | source | bullseye | 128.14.0esr-1~deb11u1 | DLA-4277-1 | ||
| firefox-esr | source | bookworm | 128.14.0esr-1~deb12u1 | DSA-5980-1 | ||
| firefox-esr | source | trixie | 128.14.0esr-1~deb13u1 | DSA-5980-1 | ||
| firefox-esr | source | (unstable) | 128.14.0esr-1 | |||
| thunderbird | source | bullseye | 1:128.14.0esr-1~deb11u1 | DLA-4279-1 | ||
| thunderbird | source | bookworm | 1:128.14.0esr-1~deb12u1 | DSA-5984-1 | ||
| thunderbird | source | trixie | 1:128.14.0esr-1~deb13u1 | DSA-5984-1 | ||
| thunderbird | source | (unstable) | 1:128.14.0esr-1 |
https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/#CVE-2025-9179
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9179
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/#CVE-2025-9179