CVE-2025-1014

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*

History

06 Feb 2025, 19:35

Type Values Removed Values Added
CPE cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-295
First Time Mozilla
Mozilla thunderbird
Mozilla firefox
Summary
  • (es) La longitud del certificado no se comprobaba correctamente al añadirlo a un almacén de certificados. En la práctica, solo se procesaban los datos de confianza. Esta vulnerabilidad afecta a Firefox &lt; 135, Firefox ESR &lt; 128.7, Thunderbird &lt; 128.7 y Thunderbird &lt; 135.
References () https://bugzilla.mozilla.org/show_bug.cgi?id=1940804 - () https://bugzilla.mozilla.org/show_bug.cgi?id=1940804 - Permissions Required
References () https://www.mozilla.org/security/advisories/mfsa2025-07/ - () https://www.mozilla.org/security/advisories/mfsa2025-07/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2025-09/ - () https://www.mozilla.org/security/advisories/mfsa2025-09/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2025-10/ - () https://www.mozilla.org/security/advisories/mfsa2025-10/ - Vendor Advisory
References () https://www.mozilla.org/security/advisories/mfsa2025-11/ - () https://www.mozilla.org/security/advisories/mfsa2025-11/ - Vendor Advisory

04 Feb 2025, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-02-04 14:15

Updated : 2025-02-06 21:15


NVD link : CVE-2025-1014

Mitre link : CVE-2025-1014

CVE.ORG link : CVE-2025-1014


JSON object : View

Products Affected

mozilla

  • firefox
  • thunderbird
CWE
CWE-295

Improper Certificate Validation