CVE-2025-1009

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 4, 2025

Updated: Feb 6, 2025

CWE ID 416

Summary

CVE-2025-1009 is a use-after-free vulnerability that can be exploited through crafted XSLT data. This issue, if successfully exploited, could cause a crash in Firefox versions below 135, Firefox ESR versions below 115.20, Firefox ESR versions below 128.7, Thunderbird versions below 128.7, and Thunderbird versions below 135. An attacker could potentially leverage this vulnerability to execute arbitrary code on affected systems. Users are urged to update their browsers and email clients to the latest versions to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mozilla Thunderbird
Mozilla Firefox

Affected Vendors

Mozilla

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2dwDAw
https://www.cve.org/CVERecord?id=CVE-2025-1009
https://nvd.nist.gov/vuln/detail/CVE-2025-1009

Back to Vulnerability Database