ГлавнаяУязвимости → CVE-2025-1014
8.8высокая

CVE-2025-1014

Описание

Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135.

Затрагиваемое ПО
Mozilla FirefoxMozilla Thunderbird
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://bugzilla.mozilla.org/show_bug.cgi?id=1940804https://www.mozilla.org/security/advisories/mfsa2025-07/https://www.mozilla.org/security/advisories/mfsa2025-09/https://www.mozilla.org/security/advisories/mfsa2025-10/https://www.mozilla.org/security/advisories/mfsa2025-11/https://lists.debian.org/debian-lts-announce/2025/02/msg00006.html