9.8
CVE-2025-1011
- EPSS 0.21%
- Veröffentlicht 04.02.2025 14:15:31
- Zuletzt bearbeitet 13.04.2026 15:16:49
- Quelle security@mozilla.org
- CVE-Watchlists
- Unerledigt
LoginA bug in WebAssembly code generation could result in a crash
A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird SwEdition- Version < 135.0
Mozilla ≫ Thunderbird SwEditionesr Version >= 128.0.1 < 128.7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.437 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.