CVE-2025-1011

Summary

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox128.7 <= 128.*unaffected
MozillaFirefox135 <= *unaffected
MozillaThunderbird128.7 <= 128.*unaffected
MozillaThunderbird135 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References