Red Hat: CVE-2025-1012: firefox: thunderbird: Use-after-free during concurrent delazification (Multiple Advisories)

Red Hat: CVE-2025-1012: firefox: thunderbird: Use-after-free during concurrent delazification (Multiple Advisories)

Severity

9

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:C)

Published

02/04/2025

Created

02/11/2025

Added

02/10/2025

Modified

02/13/2025

Description

A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.

Solution(s)

• redhat-upgrade-firefox
• redhat-upgrade-firefox-debuginfo
• redhat-upgrade-firefox-debugsource
• redhat-upgrade-firefox-x11
• redhat-upgrade-thunderbird
• redhat-upgrade-thunderbird-debuginfo
• redhat-upgrade-thunderbird-debugsource

References

• CVE-2025-1012
• RHSA-2025:1066
• RHSA-2025:1137
• RHSA-2025:1139
• RHSA-2025:1140
• RHSA-2025:1184
• RHSA-2025:1283
• RHSA-2025:1292
• RHSA-2025:1317
• RHSA-2025:1318
• RHSA-2025:1340

View more