{"id":"CVE-2025-0240","details":"Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox \u003c 134, Firefox ESR \u003c 128.6, Thunderbird \u003c 134, and Thunderbird \u003c 128.6.","modified":"2026-04-16T00:00:06.980934291Z","published":"2025-01-07T16:15:38.663Z","related":["ALSA-2025:0080","ALSA-2025:0144","CGA-frmg-xrxv-c29q","SUSE-SU-2025:0056-1","SUSE-SU-2025:0059-1","SUSE-SU-2025:0080-1","openSUSE-SU-2025:14619-1","openSUSE-SU-2025:14630-1","openSUSE-SU-2025:14648-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00004.html"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-01/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-02/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-04/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-05/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1929623"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-0240.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"128.6.0"}]},{"events":[{"introduced":"0"},{"fixed":"134.0"}]},{"events":[{"introduced":"0"},{"fixed":"128.6.0"}]},{"events":[{"introduced":"129.0"},{"fixed":"134.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}