- Description
- Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
- Source
- security@mozilla.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
🔴 #Firefox, Memory Corruption Vulnerability #CVE-2025-1017 (Critical) https://t.co/LRhEwTxKH3
@dailycve
6 Feb 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1017 Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we pre… https://t.co/B3sEMoiTnJ
@CVEnew
4 Feb 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1B11C09-3033-44F5-ACC7-591196075CB1",
"versionEndExcluding": "128.7.0"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C08017D5-BBC7-4E01-92D2-CE2E2ED9453A",
"versionEndExcluding": "135.0"
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0504330C-A82A-4E1E-9774-38CCB3DF8D92",
"versionEndExcluding": "128.7.0",
"versionStartIncluding": "128.0.1"
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5DC3260-2056-4C30-BCBA-AD45537FF0F5",
"versionEndExcluding": "135.0",
"versionStartIncluding": "131.0"
}
],
"operator": "OR"
}
]
}
]