CVE-2025-1011

high

Description

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

References

https://www.mozilla.org/security/advisories/mfsa2025-11/

https://www.mozilla.org/security/advisories/mfsa2025-10/

https://www.mozilla.org/security/advisories/mfsa2025-09/

https://www.mozilla.org/security/advisories/mfsa2025-07/

https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html

https://lists.debian.org/debian-lts-announce/2025/02/msg00005.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1936454

Details

Source: Mitre, NVD

Published: 2025-02-04

Updated: 2026-04-13

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00087