CVE-2025-1011
published 2025-02-04CVE-2025-1011: A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 135.0-1 (sid) | firefox 135.0-1 (sid) |
| debian | firefox-esr | < firefox 135.0-1 (sid) | firefox 135.0-1 (sid) |
| debian | thunderbird | < firefox 135.0-1 (sid) | firefox 135.0-1 (sid) |
| mozilla | firefox | < 128.7.0 | 128.7.0 |
| mozilla | firefox | < 135.0 | 135.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 135.0+build2-0ubuntu0.20.04.1 | 135.0+build2-0ubuntu0.20.04.1 |
| mozilla | thunderbird | < 135.0 | 135.0 |
| mozilla | thunderbird | >= 0 < 1:128.7.0esr-1~deb11u1 | 1:128.7.0esr-1~deb11u1 |
| mozilla | thunderbird | >= 0 < 1:128.7.0esr-1~deb12u1 | 1:128.7.0esr-1~deb12u1 |
| mozilla | thunderbird | >= 0 < 1:128.7.0esr-1 | 1:128.7.0esr-1 |
| mozilla | thunderbird | >= 0 < 1:128.7.0esr-1 | 1:128.7.0esr-1 |
| mozilla | thunderbird | >= 128.0.1 < 128.7.0 | 128.7.0 |
| msrc | cbl2_kernel_5.15.32.1-2_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_kernel_5.10.123.1-1_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv9.8CRITICAL