CVE-2025-1016
First published: Tue Feb 04 2025(Updated: )
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Thunderbird | <135 | 135 |
| Mozilla Firefox ESR | <115.20 | 115.20 |
| Mozilla Firefox | <135 | 135 |
| <128.7 | 128.7 | |
| <128.7 | 128.7 | |
| Mozilla Firefox | <115.20.0 | |
| Mozilla Firefox | <135.0 | |
| Mozilla Firefox | >=128.1.0<128.7.0 | |
| Mozilla Thunderbird | >=128.0.1<128.7.0 | |
| Mozilla Thunderbird | >=131.0<135.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1936601%2C1936844%2C1937694%2C1938469%2C1939583%2C1940994
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-11/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-08/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/
- https://www.mozilla.org/security/advisories/mfsa2025-07/
- https://www.mozilla.org/security/advisories/mfsa2025-08/
- https://www.mozilla.org/security/advisories/mfsa2025-09/
- https://www.mozilla.org/security/advisories/mfsa2025-10/
- https://www.mozilla.org/security/advisories/mfsa2025-11/
- https://access.redhat.com/errata/RHSA-2025:1066
- https://access.redhat.com/errata/RHSA-2025:1133
- https://access.redhat.com/errata/RHSA-2025:1135
- https://access.redhat.com/errata/RHSA-2025:1138
- https://access.redhat.com/errata/RHSA-2025:1136
- https://access.redhat.com/errata/RHSA-2025:1132
- https://access.redhat.com/errata/RHSA-2025:1137
- https://access.redhat.com/errata/RHSA-2025:1139
- https://access.redhat.com/errata/RHSA-2025:1140
- https://bugzilla.redhat.com/show_bug.cgi?id=2343752
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2025-1016?
CVE-2025-1016 is considered a high-severity vulnerability due to its potential for memory corruption and arbitrary code execution.
How do I fix CVE-2025-1016?
To fix CVE-2025-1016, update affected software to the latest version: Thunderbird to 135 or 128.7, and Firefox or Firefox ESR to 135 or 115.20 respectively.
Which versions are affected by CVE-2025-1016?
CVE-2025-1016 affects Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6.
Can CVE-2025-1016 be exploited?
Yes, CVE-2025-1016 contains memory safety bugs that could potentially be exploited to run arbitrary code.
What software does CVE-2025-1016 impact?
CVE-2025-1016 impacts Mozilla's Thunderbird and Firefox products, along with their Extended Support Release (ESR) versions.
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/type
- agent/first-publish-date
- agent/author
- agent/references
- agent/source
- agent/description
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/softwarecombine
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2025-1016
- vendor/mozilla
- canonical/mozilla thunderbird
- canonical/mozilla firefox esr
- canonical/mozilla firefox
- version/mozilla firefox/128.1.0
- version/mozilla thunderbird/128.0.1
- version/mozilla thunderbird/131.0