vulnerability

Debian: CVE-2025-1011: firefox-esr, thunderbird -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Feb 4, 2025

Added

Feb 7, 2025

Modified

Apr 15, 2026

Description

A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Solutions

debian-upgrade-firefox-esrdebian-upgrade-thunderbird

References

CVE-2025-1011
https://attackerkb.com/topics/CVE-2025-1011
CWE-94
DEBIAN-DSA-5858-1
EUVD-EUVD-2025-1966
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-1966

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report