Mozilla Products February 2025 1st Security Update Advisory

Overview

 

An update has been made available to fix vulnerabilities in the Mozilla family of products (Thunderbird, Firefox ESR, Firefox). Users of affected products are advised to update to the latest version.

 

Affected Products

 

Firefox 135 or below

Firefox ESR 115.20 or below

Firefox ESR 128.7 or below

Thunderbird 128.7 or below

Thunderbird 135 or below

 

Resolved Vulnerabilities

 

High Level Memory Security Verification Error Vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-1016) [1], [2], [3], [4], [5]

Moderate Memory Free and Reuse (UAF) Vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-1012) [1], [2], [3], [4], [5]

High-level memory free and reuse (UAF) vulnerability in the Custom Highlight feature in Firefox, Firefox ESR, and Thunderbird (CVE-2025-1010) [1], [2], [3], [4], [5]

High Level Memory Free and Reuse (UAF) Vulnerability in XSLT Functionality in Firefox, Firefox ESR, and Thunderbird (CVE-2025-1009) [1], [2], [3], [4], [5]

Moderate Memory Security Validation Error Vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-1017) [1], [2], [3], [4], [5

A moderate vulnerability exists in Firefox, Firefox ESR, and Thunderbird (CVE-2025-1011) [1], [2], [3], [5]

A moderate vulnerability exists in Firefox, Thunderbird that prevents full-screen notifications from displaying properly (CVE-2025-1019) [1], [5]

Moderate vulnerability in Firefox and Thunderbird where fullscreen notifications are not displayed on fullscreen re-request (CVE-2025-1018) [1], [5]

High-level spoofing vulnerability in Thunderbird (CVE-2025-0510) [1], [2]

 

Vulnerability Patches

 

The following Vulnerability Patches were made available in the 02/04/2025 update. For more information on Vulnerability Patches, please refer to the “Mozilla” Referenced Sites documentation.

Thunderbird version 135

Thunderbird version 128.7

Firefox ESR 128.7

Firefox ESR 115.20

Firefox 135 versions

 

Referenced Sites

 

[1] Security Vulnerabilities fixed in Thunderbird 135

https://www.mozilla.org/en-US/security/advisories/mfsa2025-11/

[2] Security Vulnerabilities fixed in Thunderbird ESR 128.7

https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/

[3] Security Vulnerabilities fixed in Firefox ESR 128.7

https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/

[4] Security Vulnerabilities fixed in Firefox ESR 115.20

https://www.mozilla.org/en-US/security/advisories/mfsa2025-08/

[5] Security Vulnerabilities fixed in Firefox 135

https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/

[6] Update Firefox to the latest release

https://support.mozilla.org/ko/kb/update-firefox-latest-release