Bug 2343748 (CVE-2025-1017) - CVE-2025-1017 firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7
Summary: CVE-2025-1017 firefox: thunderbird: Memory safety bugs fixed in Firefox 135, ...
Keywords:
Status: NEW
Alias: CVE-2025-1017
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-04 15:01 UTC by OSIDB Bzimport
Modified: 2025-04-06 18:55 UTC (History)
5 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2025:1066 0 None None None 2025-02-05 11:32:20 UTC
Red Hat Product Errata RHSA-2025:1132 0 None None None 2025-02-06 11:34:16 UTC
Red Hat Product Errata RHSA-2025:1133 0 None None None 2025-02-06 11:17:50 UTC
Red Hat Product Errata RHSA-2025:1135 0 None None None 2025-02-06 11:21:13 UTC
Red Hat Product Errata RHSA-2025:1136 0 None None None 2025-02-06 11:28:28 UTC
Red Hat Product Errata RHSA-2025:1137 0 None None None 2025-02-06 11:37:42 UTC
Red Hat Product Errata RHSA-2025:1138 0 None None None 2025-02-06 11:28:06 UTC
Red Hat Product Errata RHSA-2025:1139 0 None None None 2025-02-06 11:46:40 UTC
Red Hat Product Errata RHSA-2025:1140 0 None None None 2025-02-06 11:48:56 UTC
Red Hat Product Errata RHSA-2025:1184 0 None None None 2025-02-10 01:23:16 UTC
Red Hat Product Errata RHSA-2025:1283 0 None None None 2025-02-11 09:52:05 UTC
Red Hat Product Errata RHSA-2025:1292 0 None None None 2025-02-11 11:24:43 UTC
Red Hat Product Errata RHSA-2025:1317 0 None None None 2025-02-11 16:36:45 UTC
Red Hat Product Errata RHSA-2025:1318 0 None None None 2025-02-11 16:38:33 UTC
Red Hat Product Errata RHSA-2025:1319 0 None None None 2025-02-11 15:51:45 UTC
Red Hat Product Errata RHSA-2025:1339 0 None None None 2025-02-12 04:05:26 UTC
Red Hat Product Errata RHSA-2025:1340 0 None None None 2025-02-12 04:12:05 UTC
Red Hat Product Errata RHSA-2025:1341 0 None None None 2025-02-12 04:19:13 UTC
Red Hat Product Errata RHSA-2025:1348 0 None None None 2025-02-12 09:35:09 UTC

Description OSIDB Bzimport 2025-02-04 15:01:26 UTC 
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Comment 1 errata-xmlrpc 2025-02-05 11:32:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:1066 https://access.redhat.com/errata/RHSA-2025:1066
Comment 2 errata-xmlrpc 2025-02-06 11:17:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:1133 https://access.redhat.com/errata/RHSA-2025:1133
Comment 3 errata-xmlrpc 2025-02-06 11:21:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2025:1135 https://access.redhat.com/errata/RHSA-2025:1135
Comment 4 errata-xmlrpc 2025-02-06 11:28:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:1138 https://access.redhat.com/errata/RHSA-2025:1138
Comment 5 errata-xmlrpc 2025-02-06 11:28:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:1136 https://access.redhat.com/errata/RHSA-2025:1136
Comment 6 errata-xmlrpc 2025-02-06 11:33:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:1132 https://access.redhat.com/errata/RHSA-2025:1132
Comment 7 errata-xmlrpc 2025-02-06 11:34:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:1132 https://access.redhat.com/errata/RHSA-2025:1132
Comment 8 errata-xmlrpc 2025-02-06 11:37:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:1137 https://access.redhat.com/errata/RHSA-2025:1137
Comment 9 errata-xmlrpc 2025-02-06 11:46:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:1139 https://access.redhat.com/errata/RHSA-2025:1139
Comment 10 errata-xmlrpc 2025-02-06 11:48:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1140 https://access.redhat.com/errata/RHSA-2025:1140
Comment 11 errata-xmlrpc 2025-02-10 01:23:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:1184 https://access.redhat.com/errata/RHSA-2025:1184
Comment 12 errata-xmlrpc 2025-02-11 09:52:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:1283 https://access.redhat.com/errata/RHSA-2025:1283
Comment 13 errata-xmlrpc 2025-02-11 11:24:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:1292 https://access.redhat.com/errata/RHSA-2025:1292
Comment 14 errata-xmlrpc 2025-02-11 15:51:43 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:1319 https://access.redhat.com/errata/RHSA-2025:1319
Comment 15 errata-xmlrpc 2025-02-11 16:36:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2025:1317 https://access.redhat.com/errata/RHSA-2025:1317
Comment 16 errata-xmlrpc 2025-02-11 16:38:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:1318 https://access.redhat.com/errata/RHSA-2025:1318
Comment 17 errata-xmlrpc 2025-02-12 04:05:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2025:1339 https://access.redhat.com/errata/RHSA-2025:1339
Comment 18 errata-xmlrpc 2025-02-12 04:12:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2025:1340 https://access.redhat.com/errata/RHSA-2025:1340
Comment 19 errata-xmlrpc 2025-02-12 04:19:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:1341 https://access.redhat.com/errata/RHSA-2025:1341
Comment 20 errata-xmlrpc 2025-02-12 09:35:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:1348 https://access.redhat.com/errata/RHSA-2025:1348
Note You need to log in before you can comment on or make changes to this bug.