CVE-2025-1011
Published: 04 February 2025
Summary
CVE-2025-1011 is a high-severity Code Injection (CWE-94) vulnerability in Mozilla Firefox. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked at the 43.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-18 (Mobile Code).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely patching of the WebAssembly code generation flaw in vulnerable Firefox and Thunderbird versions to eliminate the code execution risk.
Ensures organizations receive and act on security advisories like Mozilla MFSA 2025-07, enabling prompt remediation of CVE-2025-1011.
Controls execution and scanning of mobile code such as WebAssembly to mitigate exploitation of code generation bugs leading to crashes and code injection.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct RCE via malicious site visit (drive-by) or crafted file enables client-side exploitation.
NVD Description
A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and…
more
Thunderbird 135.
Deeper analysisAI
CVE-2025-1011 is a vulnerability in the WebAssembly code generation component of Mozilla Firefox and Thunderbird products. The issue manifests as a bug that could cause a crash and potentially be leveraged by an attacker to achieve arbitrary code execution. It affects versions of Firefox prior to 135, Firefox ESR prior to 128.7, Thunderbird prior to 128.7, and Thunderbird prior to 135, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and association to CWE-94 (Code Injection).
An attacker can exploit this vulnerability remotely over the network with low complexity and no required privileges, though it necessitates user interaction, such as visiting a malicious site or opening a crafted file. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, including the potential for code execution within the browser's sandboxed environment.
Mozilla addressed the vulnerability in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135, as detailed in security advisories MFSA 2025-07, MFSA 2025-09, MFSA 2025-10, and MFSA 2025-11, along with Bugzilla entry 1936454. Security practitioners should prioritize updating affected products to these patched versions to mitigate the risk.
Details
- CWE(s)