CVE-2025-1017
First published: Tue Feb 04 2025(Updated: )
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <135 | 135 |
| Mozilla Thunderbird | <135 | 135 |
| <128.7 | 128.7 | |
| <128.7 | 128.7 | |
| Mozilla Firefox | <128.7.0 | |
| Mozilla Firefox | <135.0 | |
| Mozilla Thunderbird | >=128.0.1<128.7.0 | |
| Mozilla Thunderbird | >=131.0<135.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1926256%2C1935984%2C1935471
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-11/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/
- https://www.mozilla.org/security/advisories/mfsa2025-07/
- https://www.mozilla.org/security/advisories/mfsa2025-09/
- https://www.mozilla.org/security/advisories/mfsa2025-10/
- https://www.mozilla.org/security/advisories/mfsa2025-11/
- https://access.redhat.com/errata/RHSA-2025:1066
- https://access.redhat.com/errata/RHSA-2025:1133
- https://access.redhat.com/errata/RHSA-2025:1135
- https://access.redhat.com/errata/RHSA-2025:1138
- https://access.redhat.com/errata/RHSA-2025:1136
- https://access.redhat.com/errata/RHSA-2025:1132
- https://access.redhat.com/errata/RHSA-2025:1137
- https://access.redhat.com/errata/RHSA-2025:1139
- https://access.redhat.com/errata/RHSA-2025:1140
- https://bugzilla.redhat.com/show_bug.cgi?id=2343748
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2025-1017?
CVE-2025-1017 has a high severity due to the potential for exploiting memory safety bugs to execute arbitrary code.
How do I fix CVE-2025-1017?
To fix CVE-2025-1017, update to Mozilla Firefox 135 for affected Firefox versions and Mozilla Thunderbird 128.7 or 135 for affected Thunderbird versions.
Which versions are affected by CVE-2025-1017?
CVE-2025-1017 affects Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6.
Can CVE-2025-1017 be exploited?
Yes, CVE-2025-1017 has shown evidence of memory corruption that could potentially be exploited to run arbitrary code.
Who is the vendor for CVE-2025-1017?
The vendor for CVE-2025-1017 is Mozilla.
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/first-publish-date
- agent/type
- agent/author
- agent/references
- agent/source
- agent/description
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/softwarecombine
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2025-1017
- vendor/mozilla
- canonical/mozilla firefox
- canonical/mozilla thunderbird
- version/mozilla thunderbird/128.0.1
- version/mozilla thunderbird/131.0