CVE-2025-5262

A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 139 and Thunderbird < 128.11.

CVSS

No CVSS.

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1962421
https://www.mozilla.org/security/advisories/mfsa2025-45/
https://www.mozilla.org/security/advisories/mfsa2025-46/

Configurations

No configuration.

History

19 Aug 2025, 21:15

Type	Values Removed	Values Added
References		() https://bugzilla.mozilla.org/show_bug.cgi?id=1962421 - () https://www.mozilla.org/security/advisories/mfsa2025-45/ - () https://www.mozilla.org/security/advisories/mfsa2025-46/ -
Summary	Rejected reason: This CVE was accidentally assigned by Mozilla but should be assigned by another CNA. When the correct CVE is available, Mozilla's advisories will be updated to reflect that identifier.	A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 139 and Thunderbird < 128.11.

27 May 2025, 18:15

Type	Values Removed	Values Added
Summary	A double-free could have occurred in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, and Firefox ESR < 128.11.	Rejected reason: This CVE was accidentally assigned by Mozilla but should be assigned by another CNA. When the correct CVE is available, Mozilla's advisories will be updated to reflect that identifier.
References	~~{'url': 'https://www.mozilla.org/security/advisories/mfsa2025-44/', 'name': 'https://www.mozilla.org/security/advisories/mfsa2025-44/', 'tags': [], 'refsource': ''}~~ ~~{'url': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1962421', 'name': 'https://bugzilla.mozilla.org/show_bug.cgi?id=1962421', 'tags': [], 'refsource': ''}~~ ~~{'url': 'https://www.mozilla.org/security/advisories/mfsa2025-42/', 'name': 'https://www.mozilla.org/security/advisories/mfsa2025-42/', 'tags': [], 'refsource': ''}~~ ~~{'url': 'https://www.mozilla.org/security/advisories/mfsa2025-43/', 'name': 'https://www.mozilla.org/security/advisories/mfsa2025-43/', 'tags': [], 'refsource': ''}~~

27 May 2025, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-27 13:15

Updated : 2025-08-19 21:15

NVD link : CVE-2025-5262

Mitre link : CVE-2025-5262

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2025-5262

Attach tags to `CVE-2025-5262`