Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards



May 19, 2025 | Ravie Lakshmanan | Browser Security / Vulnerability

Mozilla has released security updates to address two important security flaws in its Firefox browser that could potentially be exploited to access sensitive data or achieve code execution.

The vulnerabilities, both of which were exploited as zero-days at Pwn2Own Berlin, are listed below –

  • CVE-2025-4918 – An out-of-bounds access vulnerability when resolving Promise objects that could allow an attacker to perform a read or write on a JavaScript Promise object
  • CVE-2025-4919 – An out-of-bounds access vulnerability when optimizing linear sums that could allow an attacker to perform a read or write on a JavaScript object by confusing array index sizes

In other words, successful exploitation of either flaw could permit an adversary to achieve an out-of-bounds read or write, which could then be abused to access otherwise sensitive information or cause memory corruption that could pave the way for code execution.


The vulnerabilities affect the following versions of the Firefox browser –

Edouard Bochin and Tao Yan from Palo Alto Networks have been credited with discovering and reporting CVE-2025-4918. The discovery of CVE-2025-4919 has been credited to Manfred Paul.

It's worth noting that both shortcomings were demonstrated at the Pwn2Own Berlin hacking contest last week, for which they were awarded $50,000 each.

With web browsers continuing to be an attractive vector for malware delivery, users are advised to update their instances to the latest version to safeguard against potential threats.

“Neither of the attacks managed to break out of our sandbox, which is required to gain control over the user’s system,” Mozilla said in a statement. “Despite the limited impact of these attacks, all users and administrators are advised to update Firefox as soon as possible.”
