Mozilla Foundation Security Advisory 2025-07

Security Vulnerabilities fixed in Firefox 135

Announced
February 4, 2025
Impact
high
Products
Firefox
Fixed in
  • Firefox 135

#CVE-2025-1009: Use-after-free in XSLT

Reporter
Ivan Fratric of Google Project Zero
Impact
high
Description

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash.

References

#CVE-2025-1010: Use-after-free in Custom Highlight

Reporter
Atte Kettunen
Impact
high
Description

An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash.

References

#CVE-2025-1018: Fullscreen notification is not displayed when fullscreen is re-requested

Reporter
Irvan Kurniawan
Impact
moderate
Description

The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack.

References

#CVE-2025-1011: A bug in WebAssembly code generation could result in a crash

Reporter
Nan Wang
Impact
moderate
Description

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution.

References

#CVE-2025-1012: Use-after-free during concurrent delazification

Reporter
Nils Bars
Impact
moderate
Description

A race during concurrent delazification could have led to a use-after-free.

References

#CVE-2025-1019: Fullscreen notification not properly displayed

Reporter
Irvan Kurniawan
Impact
moderate
Description

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack.

References

#CVE-2025-1013: Potential opening of private browsing tabs in normal browsing windows

Reporter
Maruf Bin Murtuza
Impact
low
Description

A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak.

References

#CVE-2025-1014: Certificate length was not properly checked

Reporter
Theemathas
Impact
low
Description

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed.

References

#CVE-2025-1016: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7

Reporter
Andrew McCreight, Randell Jesup, Andrew Osmond, Akmat Suleimanov and the Mozilla Fuzzing Team
Impact
high
Description

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

#CVE-2025-1017: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7

Reporter
Sebastian Hengst, Maurice Dauer and the Mozilla Fuzzing Team
Impact
moderate
Description

Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References

#CVE-2025-1020: Memory safety bugs fixed in Firefox 135 and Thunderbird 135

Reporter
The Mozilla Fuzzing Team
Impact
high
Description

Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

References