Base Score

HIGH7.4

CVE-2025-3032

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.

VectorNETWORK

Published Bysecurity@mozilla.org

Published DateApr 01, 2025, 13:15

Weakness Type (CWE):CWE-403

CVSS Metrics

Base Score

7.4

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1949987
https://www.mozilla.org/security/advisories/mfsa2025-20/
https://www.mozilla.org/security/advisories/mfsa2025-23/

Base Score

HIGH7.4

Weakness Type (CWE):CWE-403

CVSS Metrics

Base Score

7.4

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

NONE