Use-After-Free Vulnerability in Firefox and Thunderbird Products by Mozilla
CVE-2025-1009

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 4 February 2025

Summary

A vulnerability exists in Mozilla's Firefox and Thunderbird products that could be exploited through crafted XSLT data, potentially leading to application crashes. Attackers may leverage this condition to disrupt services, highlighting the importance of maintaining updated versions to mitigate risks associated with this insecure implementation.

Affected Version(s)

Firefox < 135

Firefox ESR < 115.20

Firefox ESR < 128.7

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1936613

https://www.mozilla.org/security/advisories/mfsa2025-07/

https://www.mozilla.org/security/advisories/mfsa2025-08/

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Feb 4, 2025

Credit

Ivan Fratric of Google Project Zero