usn-7263-1
Vulnerability from osv_ubuntu
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2025-1011, CVE-2025-1013, CVE-2025-1014, CVE-2025-1016, CVE-2025-1017, CVE-2025-1018, CVE-2025-1019, CVE-2025-1020)
Ivan Fratric discovered that Firefox did not properly handle XSLT data, leading to a use-after-free vulnerability. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2025-1009)
Atte Kettunen discovered that Firefox did not properly manage memory in the Custom Highlight API, leading to a use-after-free vulnerability. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2025-1010)
Nils Bars discovered that Firefox did not properly manage memory during concurrent delazification, leading to a use-after-free vulnerability. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2025-1012)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2025-1009",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1010",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1011",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1012",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1013",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1014",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1016",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1017",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1018",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1019",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2025-1020",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "135.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "135.0+build2-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "135.0+build2-0ubuntu0.20.04.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "firefox",
"purl": "pkg:deb/ubuntu/firefox@135.0+build2-0ubuntu0.20.04.1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "135.0+build2-0ubuntu0.20.04.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"69.0.3+build1-0ubuntu1",
"70.0+build2-0ubuntu1",
"70.0+build2-0ubuntu2",
"70.0.1+build1-0ubuntu2",
"71.0+build2-0ubuntu2",
"71.0+build5-0ubuntu1",
"72.0.1+build1-0ubuntu1",
"72.0.2+build1-0ubuntu1",
"73.0+build1-0ubuntu1",
"73.0+build2-0ubuntu1",
"73.0+build3-0ubuntu1",
"73.0.1+build1-0ubuntu1",
"74.0+build1-0ubuntu1",
"74.0+build2-0ubuntu1",
"74.0+build2-0ubuntu2",
"74.0+build3-0ubuntu1",
"75.0+build3-0ubuntu1",
"76.0+build2-0ubuntu0.20.04.1",
"76.0.1+build1-0ubuntu0.20.04.1",
"77.0.1+build1-0ubuntu0.20.04.1",
"78.0.1+build1-0ubuntu0.20.04.1",
"78.0.2+build2-0ubuntu0.20.04.1",
"79.0+build1-0ubuntu0.20.04.1",
"80.0+build2-0ubuntu0.20.04.1",
"80.0.1+build1-0ubuntu0.20.04.1",
"81.0+build2-0ubuntu0.20.04.1",
"81.0.2+build1-0ubuntu0.20.04.1",
"82.0+build2-0ubuntu0.20.04.1",
"82.0.2+build1-0ubuntu0.20.04.1",
"82.0.3+build1-0ubuntu0.20.04.1",
"83.0+build2-0ubuntu0.20.04.1",
"84.0+build3-0ubuntu0.20.04.1",
"84.0.1+build1-0ubuntu0.20.04.1",
"84.0.2+build1-0ubuntu0.20.04.1",
"85.0+build1-0ubuntu0.20.04.1",
"85.0.1+build1-0ubuntu0.20.04.1",
"86.0+build3-0ubuntu0.20.04.1",
"86.0.1+build1-0ubuntu0.20.04.1",
"87.0+build3-0ubuntu0.20.04.2",
"88.0+build2-0ubuntu0.20.04.1",
"88.0.1+build1-0ubuntu0.20.04.2",
"89.0+build2-0ubuntu0.20.04.2",
"89.0.1+build1-0ubuntu0.20.04.1",
"89.0.2+build1-0ubuntu0.20.04.1",
"90.0+build1-0ubuntu0.20.04.1",
"90.0.2+build1-0ubuntu0.20.04.1",
"91.0+build2-0ubuntu0.20.04.1",
"91.0.1+build1-0ubuntu0.20.04.1",
"91.0.2+build1-0ubuntu0.20.04.1",
"92.0+build3-0ubuntu0.20.04.1",
"93.0+build1-0ubuntu0.20.04.1",
"94.0+build3-0ubuntu0.20.04.1",
"95.0+build1-0ubuntu0.20.04.1",
"95.0.1+build2-0ubuntu0.20.04.1",
"96.0+build2-0ubuntu0.20.04.1",
"97.0+build2-0ubuntu0.20.04.1",
"97.0.2+build1-0ubuntu0.20.04.1",
"98.0+build3-0ubuntu0.20.04.2",
"98.0.1+build2-0ubuntu0.20.04.1",
"98.0.2+build1-0ubuntu0.20.04.1",
"99.0+build2-0ubuntu0.20.04.2",
"100.0+build2-0ubuntu0.20.04.1",
"100.0.2+build1-0ubuntu0.20.04.1",
"101.0.1+build1-0ubuntu0.20.04.1",
"102.0+build2-0ubuntu0.20.04.1",
"103.0+build1-0ubuntu0.20.04.1",
"104.0+build3-0ubuntu0.20.04.1",
"105.0+build2-0ubuntu0.20.04.1",
"106.0.2+build1-0ubuntu0.20.04.1",
"106.0.5+build1-0ubuntu0.20.04.1",
"107.0+build2-0ubuntu0.20.04.1",
"108.0+build2-0ubuntu0.20.04.1",
"108.0.1+build1-0ubuntu0.20.04.1",
"108.0.2+build1-0ubuntu0.20.04.1",
"109.0+build2-0ubuntu0.20.04.1",
"109.0.1+build1-0ubuntu0.20.04.2",
"110.0+build3-0ubuntu0.20.04.1",
"110.0.1+build2-0ubuntu0.20.04.1",
"111.0+build2-0ubuntu0.20.04.1",
"111.0.1+build2-0ubuntu0.20.04.1",
"112.0+build2-0ubuntu0.20.04.1",
"112.0.1+build1-0ubuntu0.20.04.1",
"112.0.2+build1-0ubuntu0.20.04.1",
"113.0+build2-0ubuntu0.20.04.1",
"113.0.1+build1-0ubuntu0.20.04.1",
"113.0.2+build1-0ubuntu0.20.04.1",
"114.0+build3-0ubuntu0.20.04.1",
"114.0.1+build1-0ubuntu0.20.04.1",
"114.0.2+build1-0ubuntu0.20.04.1",
"115.0+build2-0ubuntu0.20.04.3",
"115.0.2+build1-0ubuntu0.20.04.1",
"116.0+build2-0ubuntu0.20.04.2",
"116.0.2+build1-0ubuntu0.20.04.1",
"116.0.3+build2-0ubuntu0.20.04.1",
"117.0+build2-0ubuntu0.20.04.1",
"117.0.1+build2-0ubuntu0.20.04.1",
"118.0.1+build1-0ubuntu0.20.04.1",
"118.0.2+build2-0ubuntu0.20.04.1",
"119.0+build2-0ubuntu0.20.04.1",
"119.0.1+build1-0ubuntu0.20.04.1",
"120.0+build2-0ubuntu0.20.04.1",
"120.0.1+build1-0ubuntu0.20.04.1",
"121.0+build1-0ubuntu0.20.04.1",
"121.0.1+build1-0ubuntu0.20.04.1",
"122.0+build2-0ubuntu0.20.04.1",
"122.0.1+build1-0ubuntu0.20.04.1",
"123.0+build3-0ubuntu0.20.04.1",
"123.0.1+build1-0ubuntu0.20.04.1",
"124.0+build1-0ubuntu0.20.04.1",
"124.0.1+build1-0ubuntu0.20.04.1",
"124.0.2+build1-0ubuntu0.20.04.1",
"125.0.2+build1-0ubuntu0.20.04.2",
"125.0.3+build1-0ubuntu0.20.04.1",
"126.0+build2-0ubuntu0.20.04.1",
"126.0.1+build1-0ubuntu0.20.04.1",
"127.0.2+build1-0ubuntu0.20.04.1",
"128.0+build2-0ubuntu0.20.04.1",
"129.0.1+build1-0ubuntu0.20.04.1",
"129.0.2+build1-0ubuntu0.20.04.1",
"130.0+build2-0ubuntu0.20.04.1",
"130.0.1+build1-0ubuntu0.20.04.1",
"131.0+build1.1-0ubuntu0.20.04.1",
"131.0.2+build1-0ubuntu0.20.04.1",
"131.0.3+build1-0ubuntu0.20.04.1",
"132.0+build1-0ubuntu0.20.04.1",
"133.0+build2-0ubuntu0.20.04.1",
"134.0+build1-0ubuntu0.20.04.1"
]
}
],
"aliases": [],
"details": "Multiple security issues were discovered in Firefox. If a user were\ntricked into opening a specially crafted website, an attacker could\npotentially exploit these to cause a denial of service, obtain sensitive\ninformation across domains, or execute arbitrary code. (CVE-2025-1011,\nCVE-2025-1013, CVE-2025-1014, CVE-2025-1016, CVE-2025-1017, CVE-2025-1018,\nCVE-2025-1019, CVE-2025-1020)\n\nIvan Fratric discovered that Firefox did not properly handle XSLT data,\nleading to a use-after-free vulnerability. An attacker could potentially\nexploit this issue to cause a denial of service, or execute arbitrary code.\n(CVE-2025-1009)\n\nAtte Kettunen discovered that Firefox did not properly manage memory in\nthe Custom Highlight API, leading to a use-after-free vulnerability. An\nattacker could potentially exploit this issue to cause a denial of service,\nor execute arbitrary code. (CVE-2025-1010)\n\nNils Bars discovered that Firefox did not properly manage memory during\nconcurrent delazification, leading to a use-after-free vulnerability.\nAn attacker could potentially exploit this issue to cause a denial of\nservice, or execute arbitrary code. (CVE-2025-1012)\n",
"id": "USN-7263-1",
"modified": "2026-04-27T14:11:39Z",
"published": "2025-02-11T00:55:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-7263-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1009"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1010"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1011"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1012"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1013"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1014"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1016"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1017"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1018"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1019"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2025-1020"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "firefox vulnerabilities",
"upstream": [
"UBUNTU-CVE-2025-1009",
"UBUNTU-CVE-2025-1010",
"UBUNTU-CVE-2025-1011",
"UBUNTU-CVE-2025-1012",
"UBUNTU-CVE-2025-1013",
"UBUNTU-CVE-2025-1014",
"UBUNTU-CVE-2025-1016",
"UBUNTU-CVE-2025-1017",
"UBUNTU-CVE-2025-1018",
"UBUNTU-CVE-2025-1019",
"UBUNTU-CVE-2025-1020"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.