QwikSec

Security Database

CVE

CWE

Training

CVE-2025-1009

Published: Feb 4, 2025

Modified: Apr 13, 2026

PUBLISHED

Description

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Vendor	Product	Versions
Mozilla	Firefox	unaffected `115.20 - <= 115.` unaffected `128.7 - <= 128.` unaffected `135 - <= *`
Mozilla	Thunderbird	unaffected `128.7 - <= 128.` unaffected `135 - <= `

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1936613

https://www.mozilla.org/security/advisories/mfsa2025-07/

https://www.mozilla.org/security/advisories/mfsa2025-08/

https://www.mozilla.org/security/advisories/mfsa2025-09/

https://www.mozilla.org/security/advisories/mfsa2025-10/

https://www.mozilla.org/security/advisories/mfsa2025-11/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.