CVE-2025-1020

Reference Links

• https://bugzilla.mozilla.org/buglist.cgi?bug_id=1939063%2C1942169
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-11/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/
• https://www.mozilla.org/security/advisories/mfsa2025-07/
• https://www.mozilla.org/security/advisories/mfsa2025-11/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1020
• https://nvd.nist.gov/vuln/detail/CVE-2025-1020
• https://launchpad.net/bugs/cve/CVE-2025-1020
• https://security-tracker.debian.org/tracker/CVE-2025-1020
• https://ubuntu.com/security/CVE-2025-1020
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/#CVE-2025-1020

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2025-07
• MFSA2025-11

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2025-1009
• CVE-2025-1010
• CVE-2025-1018
• CVE-2025-1011
• CVE-2025-1012
• CVE-2025-1019
• CVE-2025-1013
• CVE-2025-1014
• CVE-2025-1016
• CVE-2025-1017
• CVE-2025-1020
• CVE-2025-0510
• CVE-2025-1015

Frequently Asked Questions

• What is the severity of CVE-2025-1020?

  CVE-2025-1020 is considered a high-severity vulnerability due to the potential for arbitrary code execution.

• How do I fix CVE-2025-1020?

  To fix CVE-2025-1020, upgrade to Firefox or Thunderbird version 135 or later.

• Which versions of Firefox are affected by CVE-2025-1020?

  Firefox versions up to and including 134 are affected by CVE-2025-1020.

• Which versions of Thunderbird are affected by CVE-2025-1020?

  Thunderbird versions up to and including 134 are affected by CVE-2025-1020.

• What types of vulnerabilities does CVE-2025-1020 include?

  CVE-2025-1020 includes memory safety bugs that could potentially lead to memory corruption.