Mozilla Foundation Security Advisory 2025-07
Security Vulnerabilities fixed in Firefox 135
- Announced
- February 4, 2025
- Impact
- high
- Products
- Firefox
- Fixed in
-
- Firefox 135
#CVE-2025-1009: Use-after-free in XSLT
- Reporter
- Ivan Fratric of Google Project Zero
- Impact
- high
Description
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash.
References
#CVE-2025-1010: Use-after-free in Custom Highlight
- Reporter
- Atte Kettunen
- Impact
- high
Description
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash.
References
#CVE-2025-1018: Fullscreen notification is not displayed when fullscreen is re-requested
- Reporter
- Irvan Kurniawan
- Impact
- moderate
Description
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack.
References
#CVE-2025-1011: A bug in WebAssembly code generation could result in a crash
- Reporter
- Nan Wang
- Impact
- moderate
Description
A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution.
References
#CVE-2025-1012: Use-after-free during concurrent delazification
- Reporter
- Nils Bars
- Impact
- moderate
Description
A race during concurrent delazification could have led to a use-after-free.
References
#CVE-2025-1019: Fullscreen notification not properly displayed
- Reporter
- Irvan Kurniawan
- Impact
- moderate
Description
The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack.
References
#CVE-2025-1013: Potential opening of private browsing tabs in normal browsing windows
- Reporter
- Maruf Bin Murtuza
- Impact
- low
Description
A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak.
References
#CVE-2025-1014: Certificate length was not properly checked
- Reporter
- Theemathas
- Impact
- low
Description
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed.
References
#CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7
- Reporter
- Andrew McCreight, Randell Jesup, Andrew Osmond, Akmat Suleimanov and the Mozilla Fuzzing Team
- Impact
- high
Description
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
#CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7
- Reporter
- Sebastian Hengst, Maurice Dauer and the Mozilla Fuzzing Team
- Impact
- moderate
Description
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
#CVE-2025-1020: Memory safety bugs fixed in Firefox 135 and Thunderbird 135
- Reporter
- The Mozilla Fuzzing Team
- Impact
- high
Description
Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.