PT-2025-4125 · Mozilla+10 · Thunderbird+12
Nils Bars
·
Published
2025-02-04
·
Updated
2025-07-22
·
CVE-2025-1012
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 135
Firefox ESR versions prior to 115.20
Firefox ESR versions prior to 128.7
Thunderbird versions prior to 128.7
Thunderbird versions prior to 135
Description
A race during concurrent delazification could have led to a use-after-free. This issue affects several versions of Firefox and Thunderbird.
Recommendations
For Firefox versions prior to 135, update to version 135 or later.
For Firefox ESR versions prior to 115.20, update to version 115.20 or later.
For Firefox ESR versions prior to 128.7, update to version 128.7 or later.
For Thunderbird versions prior to 128.7, update to version 128.7 or later.
For Thunderbird versions prior to 135, update to version 135 or later.
Fix
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Thunderbird
Ubuntu