{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1010", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-02-04T07:26:27.080Z", "datePublished": "2025-02-04T13:58:52.357Z", "dateUpdated": "2026-04-13T14:25:08.956Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "115.20", "lessThanOrEqual": "115.*", "versionType": "rpm"}, {"status": "unaffected", "version": "128.7", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "135", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.7", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "135", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135."}]}], "title": "Use-after-free in Custom Highlight", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936982"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-08/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"}], "credits": [{"lang": "en", "value": "Atte Kettunen"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:25:08.956Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-05T18:47:57.971422Z", "id": "CVE-2025-1010", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T18:48:05.169Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00005.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:56:48.887Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00005.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:56:48.887Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-1010", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-05T18:47:57.971422Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T18:46:45.761Z"}}], "cna": {"title": "Use-after-free in Custom Highlight", "credits": [{"lang": "en", "value": "Atte Kettunen"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "115.20", "versionType": "rpm", "lessThanOrEqual": "115.*"}, {"status": "unaffected", "version": "128.7", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "135", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.7", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "135", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936982"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-08/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"}], "descriptions": [{"lang": "en", "value": "An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.", "supportingMedia": [{"type": "text/html", "value": "An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:25:08.956Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1010", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:25:08.956Z", "dateReserved": "2025-02-04T07:26:27.080Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-02-04T13:58:52.357Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "9D052B41-C615-4037-B188-59F57CDEFBF8", "versionEndExcluding": "115.20.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "C08017D5-BBC7-4E01-92D2-CE2E2ED9453A", "versionEndExcluding": "135.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "B58365E6-5BBF-44CA-97A6-502D35489964", "versionEndExcluding": "128.7.0", "versionStartIncluding": "128.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "matchCriteriaId": "0504330C-A82A-4E1E-9774-38CCB3DF8D92", "versionEndExcluding": "128.7.0", "versionStartIncluding": "128.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "B5DC3260-2056-4C30-BCBA-AD45537FF0F5", "versionEndExcluding": "135.0", "versionStartIncluding": "131.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135."}, {"lang": "es", "value": "Un atacante podr\u00eda haber provocado un Use-after-free a trav\u00e9s de la API de resaltado personalizado, lo que habr\u00eda provocado un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7 y Thunderbird < 135."}], "id": "CVE-2025-1010", "lastModified": "2026-04-13T15:16:49.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-02-04T14:15:31.767", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1936982"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-07/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-08/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-09/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-10/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-11/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:1132", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.7.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1283", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.7.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1292", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.7.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1133", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:128.7.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1348", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.7.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1135", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1339", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1135", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1339", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1135", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1339", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:128.7.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1136", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1341", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1136", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1341", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1136", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1341", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.7.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1137", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "firefox-0:128.7.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1340", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:128.7.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-02-12T00:00:00Z"}, {"advisory": "RHSA-2025:1066", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.7.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-05T00:00:00Z"}, {"advisory": "RHSA-2025:1184", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.7.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1138", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:128.7.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1319", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.7.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1139", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:128.7.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1317", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:128.7.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-02-11T00:00:00Z"}, {"advisory": "RHSA-2025:1140", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "firefox-0:128.7.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-02-06T00:00:00Z"}, {"advisory": "RHSA-2025:1318", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.7.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-02-11T00:00:00Z"}], "bugzilla": {"description": "firefox: thunderbird: Use-after-free in Custom Highlight", "id": "2343750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343750"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash."], "name": "CVE-2025-1010", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-04T13:58:52Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1010\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1010\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1936982\nhttps://www.mozilla.org/security/advisories/mfsa2025-07/\nhttps://www.mozilla.org/security/advisories/mfsa2025-08/\nhttps://www.mozilla.org/security/advisories/mfsa2025-09/\nhttps://www.mozilla.org/security/advisories/mfsa2025-10/\nhttps://www.mozilla.org/security/advisories/mfsa2025-11/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-22T07:02:35.219978+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch that addresses the use\u2011after\u2011free flaw documented under CWE\u2011416, i.e., upgrade to the latest Firefox\u00a0135 or newer, Firefox ESR\u00a0115.20 or newer, Firefox ESR\u00a0128.7 or newer, Thunderbird\u00a0128.7 or newer, or Thunderbird\u00a0135 or newer.", "Disable the Custom Highlight API on affected browsers or configure extensions to avoid using this API, effectively removing the trigger for the CWE\u2011416 use\u2011after\u2011free vulnerability.", "If disabling the API is not feasible, run Firefox and Thunderbird in a hardened or sandboxed environment and monitor for memory integrity violations, as a precaution against potential exploitation of the CWE\u2011416 flaw."], "summary": {"action": "Patch Now", "impact": "Use\u2011After\u2011Free Crash"}, "threat_synthesis": {"affected_systems": "This flaw affects Mozilla Firefox and Mozilla Thunderbird. Versions earlier than Firefox\u00a0135, Firefox ESR\u00a0115.20, Firefox ESR\u00a0128.7, Thunderbird\u00a0128.7, and Thunderbird\u00a0135 are vulnerable. The issue is present across all operating systems that host these products, including the Red\u00a0Hat Enterprise Linux 8, 9, and various maintenance branches listed in the CPE set.", "description_and_impact": "An attacker could trigger a use\u2011after\u2011free through the Custom Highlight API, which may cause the application to crash. The advisory notes only a potentially exploitable crash, indicating that the primary impact is a loss of availability.", "risk_and_exploitability": "The CVSS score of 9.8 classifies this weakness as critical, and the EPSS score of less than 1% indicates a low likelihood of immediate exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is via a malicious script, extension, or other user action that triggers the Custom Highlight API, causing the freed memory block to be accessed again. Exact exploitation conditions are not detailed in the advisory, but the severity remains high due to the potential for application crash."}}}}, "created": "2026-04-22T07:15:11.678812+00:00", "updated": "2026-04-22T07:15:11.678823+00:00", "vendors": []}