CVE-2025-1017

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-1017

CGA ID

CGA-xx6x-485m-jww8

Severity

9.8

Critical

CVSS V3

Description

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

References

https://images.chainguard.dev/security/CGA-xx6x-485m-jww8
https://github.com/advisories/GHSA-2ccw-r7qp-2p9j
https://www.mozilla.org/security/advisories/mfsa2025-07/
https://www.mozilla.org/security/advisories/mfsa2025-09/
https://www.mozilla.org/security/advisories/mfsa2025-10/
https://www.mozilla.org/security/advisories/mfsa2025-11/
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471
https://security-tracker.debian.org/tracker/CVE-2025-1017

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-1017

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources