Bug 2343752 (CVE-2025-1016) - CVE-2025-1016 firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7
Summary: CVE-2025-1016 firefox: thunderbird: Memory safety bugs fixed in Firefox 135, ...
Keywords:
Status: NEW
Alias: CVE-2025-1016
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-04 15:01 UTC by OSIDB Bzimport
Modified: 2025-04-06 18:55 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:1066 0 None None None 2025-02-05 11:32:23 UTC
Red Hat Product Errata RHSA-2025:1132 0 None None None 2025-02-06 11:33:59 UTC
Red Hat Product Errata RHSA-2025:1133 0 None None None 2025-02-06 11:17:51 UTC
Red Hat Product Errata RHSA-2025:1135 0 None None None 2025-02-06 11:21:15 UTC
Red Hat Product Errata RHSA-2025:1136 0 None None None 2025-02-06 11:28:29 UTC
Red Hat Product Errata RHSA-2025:1137 0 None None None 2025-02-06 11:37:42 UTC
Red Hat Product Errata RHSA-2025:1138 0 None None None 2025-02-06 11:28:08 UTC
Red Hat Product Errata RHSA-2025:1139 0 None None None 2025-02-06 11:46:40 UTC
Red Hat Product Errata RHSA-2025:1140 0 None None None 2025-02-06 11:49:01 UTC
Red Hat Product Errata RHSA-2025:1184 0 None None None 2025-02-10 01:23:18 UTC
Red Hat Product Errata RHSA-2025:1283 0 None None None 2025-02-11 09:52:09 UTC
Red Hat Product Errata RHSA-2025:1292 0 None None None 2025-02-11 11:24:46 UTC
Red Hat Product Errata RHSA-2025:1317 0 None None None 2025-02-11 16:36:48 UTC
Red Hat Product Errata RHSA-2025:1318 0 None None None 2025-02-11 16:38:35 UTC
Red Hat Product Errata RHSA-2025:1319 0 None None None 2025-02-11 15:51:46 UTC
Red Hat Product Errata RHSA-2025:1339 0 None None None 2025-02-12 04:05:30 UTC
Red Hat Product Errata RHSA-2025:1340 0 None None None 2025-02-12 04:12:06 UTC
Red Hat Product Errata RHSA-2025:1341 0 None None None 2025-02-12 04:19:16 UTC
Red Hat Product Errata RHSA-2025:1348 0 None None None 2025-02-12 09:35:12 UTC

Description OSIDB Bzimport 2025-02-04 15:01:37 UTC 
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Comment 1 errata-xmlrpc 2025-02-05 11:32:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:1066 http://access.redhat.com/errata/RHSA-2025:1066
Comment 2 errata-xmlrpc 2025-02-06 11:17:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:1133 http://access.redhat.com/errata/RHSA-2025:1133
Comment 3 errata-xmlrpc 2025-02-06 11:21:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2025:1135 http://access.redhat.com/errata/RHSA-2025:1135
Comment 4 errata-xmlrpc 2025-02-06 11:28:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:1138 http://access.redhat.com/errata/RHSA-2025:1138
Comment 5 errata-xmlrpc 2025-02-06 11:28:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:1136 http://access.redhat.com/errata/RHSA-2025:1136
Comment 6 errata-xmlrpc 2025-02-06 11:33:58 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:1132 http://access.redhat.com/errata/RHSA-2025:1132
Comment 7 errata-xmlrpc 2025-02-06 11:37:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:1137 http://access.redhat.com/errata/RHSA-2025:1137
Comment 8 errata-xmlrpc 2025-02-06 11:46:39 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:1139 http://access.redhat.com/errata/RHSA-2025:1139
Comment 9 errata-xmlrpc 2025-02-06 11:48:59 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1140 http://access.redhat.com/errata/RHSA-2025:1140
Comment 10 errata-xmlrpc 2025-02-10 01:23:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:1184 http://access.redhat.com/errata/RHSA-2025:1184
Comment 11 errata-xmlrpc 2025-02-11 09:52:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:1283 http://access.redhat.com/errata/RHSA-2025:1283
Comment 12 errata-xmlrpc 2025-02-11 11:24:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:1292 http://access.redhat.com/errata/RHSA-2025:1292
Comment 13 errata-xmlrpc 2025-02-11 15:51:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:1319 http://access.redhat.com/errata/RHSA-2025:1319
Comment 14 errata-xmlrpc 2025-02-11 16:36:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:1317 http://access.redhat.com/errata/RHSA-2025:1317
Comment 15 errata-xmlrpc 2025-02-11 16:38:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1318 http://access.redhat.com/errata/RHSA-2025:1318
Comment 16 errata-xmlrpc 2025-02-12 04:05:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2025:1339 http://access.redhat.com/errata/RHSA-2025:1339
Comment 17 errata-xmlrpc 2025-02-12 04:12:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:1340 http://access.redhat.com/errata/RHSA-2025:1340
Comment 18 errata-xmlrpc 2025-02-12 04:19:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:1341 http://access.redhat.com/errata/RHSA-2025:1341
Comment 19 errata-xmlrpc 2025-02-12 09:35:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:1348 http://access.redhat.com/errata/RHSA-2025:1348
Note You need to log in before you can comment on or make changes to this bug.