CVE-2025-1011

8.8 HIGH

📋 TL;DR

A WebAssembly code generation bug in Mozilla products could allow attackers to cause crashes and potentially execute arbitrary code. This affects Firefox versions below 135, Firefox ESR below 128.7, Thunderbird below 128.7, and Thunderbird below 135.

💻 Affected Systems

Products:
  • Firefox
  • Firefox ESR
  • Thunderbird
Versions: Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, Thunderbird < 135
Operating Systems: All platforms supported by affected products
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations with WebAssembly enabled are vulnerable.

📦 What is this software?

Firefox is Mozilla's web browser (Firefox ESR is its extended-support release line) and Thunderbird is Mozilla's email client. Both are built on the same Gecko engine and SpiderMonkey JavaScript/WebAssembly runtime, which is why a single WebAssembly code-generation bug affects all of them.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or malware installation.

🟠 Likely Case: Application crash (denial of service) with potential for limited code execution in browser context.

🟢 If Mitigated: No impact if patched; crashes prevented if WebAssembly disabled.

🌐 Internet-Facing: HIGH - Browser-based vulnerabilities are directly exposed to internet content.
🏢 Internal Only: MEDIUM - Email clients (Thunderbird) could be exploited via malicious emails.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires WebAssembly execution; no public exploit available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox 135+, Firefox ESR 128.7+, Thunderbird 128.7+, Thunderbird 135+

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2025-07/

Restart Required: Yes

Instructions:

1. Open the affected application.
2. Go to Help > About Firefox/Thunderbird.
3. Allow the automatic update to run, or download the latest version from mozilla.org.
4. Restart the application.

🔧 Temporary Workarounds

Disable WebAssembly (platforms: all)

Prevents WebAssembly code execution, mitigating the vulnerability. Note that sites and extensions that depend on WebAssembly will stop working until the preference is restored after patching.

1. In the Firefox address bar, type about:config (in Thunderbird, open Settings > General and click Config Editor).
2. Search for 'javascript.options.wasm'.
3. Set it to false.

🧯 If You Can't Patch

  • Disable WebAssembly via about:config settings
  • Use application sandboxing or restricted execution environments

🔍 How to Verify

Check if Vulnerable:

Check application version against affected ranges in Help > About.

Check Version:

From a shell, run: firefox --version   or   thunderbird --version

Verify Fix Applied:

Confirm version is Firefox 135+, Firefox ESR 128.7+, Thunderbird 128.7+, or Thunderbird 135+.
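Added example (not part of the original advisory): a small Python check that parses the output of firefox --version / thunderbird --version and applies this page's affected ranges literally, treating 128.x and any "esr" build as the ESR branch (fixed at 128.7) and everything else as the mainline branch (fixed at 135). The binary names passed to check_installed are assumptions for your environment.

```python
import re
import subprocess

# Affected ranges as stated in this advisory (CVE-2025-1011 / mfsa2025-07):
#   Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, Thunderbird < 135
ESR_BRANCH = 128
ESR_FIXED = (128, 7)
MAIN_FIXED = (135, 0)

# Matches e.g. "Mozilla Firefox 128.6.0esr" or "Mozilla Thunderbird 135.0"
VERSION_RE = re.compile(
    r"(Firefox|Thunderbird)\s+(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?", re.IGNORECASE
)


def parse_version(output):
    """Parse `--version` output into (product, major, minor, is_esr).

    Returns None when no Firefox/Thunderbird version string is present.
    """
    m = VERSION_RE.search(output)
    if not m:
        return None
    product = m.group(1).capitalize()
    major = int(m.group(2))
    minor = int(m.group(3) or 0)
    is_esr = m.group(5) is not None
    return product, major, minor, is_esr


def is_vulnerable(output):
    """True if the reported build falls inside an affected range."""
    parsed = parse_version(output)
    if parsed is None:
        raise ValueError("unrecognised version string: %r" % output)
    _product, major, minor, is_esr = parsed
    # 128.x (and any esr-tagged build) is compared against the ESR fix,
    # every other build against the mainline fix.
    if major == ESR_BRANCH or is_esr:
        return (major, minor) < ESR_FIXED
    return (major, minor) < MAIN_FIXED


def check_installed(binary):
    """Run `<binary> --version` and return (raw_output, vulnerable)."""
    proc = subprocess.run([binary, "--version"], capture_output=True, text=True, check=True)
    return proc.stdout.strip(), is_vulnerable(proc.stdout)


if __name__ == "__main__":
    # Constructed sample outputs, not captured from real installs.
    for sample in ("Mozilla Firefox 134.0.2", "Mozilla Firefox 128.7.0esr"):
        print(sample, "->", "VULNERABLE" if is_vulnerable(sample) else "fixed")
```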

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs with WebAssembly-related stack traces
  • Unexpected process termination

Network Indicators:

  • Suspicious WebAssembly module downloads
  • Unusual traffic to WebAssembly-heavy sites

SIEM Query:

source="firefox.log" AND ("crash" OR "segfault") AND "wasm"

Adjust the source field to wherever your endpoint agent ships browser or crash-reporter logs.

🔗 References

Mozilla Foundation Security Advisory MFSA 2025-07: https://www.mozilla.org/security/advisories/mfsa2025-07/