[CIVN-2025-0194] Multiple Vulnerabilities in Mozilla Products
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Mozilla Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Mozilla Firefox versions prior to 142
Mozilla Firefox ESR versions prior to 115.27
Mozilla Firefox ESR versions prior to 128.14
Mozilla Firefox ESR versions prior to 140.2
Mozilla Firefox for iOS versions prior to 142
Mozilla Focus for iOS versions prior to 142
Mozilla Thunderbird versions prior to 128.14
Mozilla Thunderbird versions prior to 140.2
Mozilla Thunderbird versions prior to 142
Overview
Multiple vulnerabilities have been reported in Mozilla products which could allow an attacker to execute arbitrary code, bypass security restrictions, cause denial of service (DoS) condition or perform spoofing attacks on the targeted system.
Target Audience:
All end-user organizations and individuals using Mozilla Firefox, Focus and Thunderbird.
Risk Assessment:
High risk of unauthorized access to sensitive information.
Impact Assessment:
Potential for data theft, sensitive information disclosure and complete compromise of system.
Description
Mozilla Firefox is a free and open-source web browser developed by Mozilla foundation, while Firefox ESR (Extended Support Release) is a stable version tailored for organizations that re-quire long-term support with only security and maintenance updates.
Multiple vulnerabilities exist in Mozilla products due to memory corruption and other issues.
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, bypass security restrictions, cause denial of service (DoS) condition or perform spoofing attacks on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-68/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-69/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-72/
References
Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-65/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-67/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-68/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-69/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-70/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-72/
CVE Name
CVE-2025-9179
CVE-2025-9180
CVE-2025-9181
CVE-2025-9182
CVE-2025-9183
CVE-2025-9184
CVE-2025-9185
CVE-2025-9186
CVE-2025-9187
CVE-2025-55028
CVE-2025-55029
CVE-2025-55030
CVE-2025-55031
CVE-2025-55032
CVE-2025-55033
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmituxkACgkQ3jCgcSdc
ys9xCg/+LoZWpDtCBi2wsp54kBbZVLrJiwIe8XOSLUSRXLmwYa26bfJLFVoWRKM7
6iiwhrgjVgJDmHXkswSAqtxpSDAohuiRhYR02NPO8OizfZh3821g0RcXjXzbhZMS
uGcj/EretG7bQqs5ATy5MfmkLpu7Rexd/Rd4Cm87Ip5c3Fh/U6kHXVxj7bt5kI4M
TpYZOVl6ZbmpcVp1hwim8HZRwVNHBOQO80htJc6ZBWJ8GqbaU9KTYNJ9DR/F36CV
FknZ/sN+ZVF9pbM38gRfQ5wJuXqDS5Z2/5YAhw4jdIajS2Nl8rot56jJlYw8dpjM
Uk+GfND1CdhdfmGl/RQ247pDiUR7QuCqICnwC+xQ5JwccL0JgMygBu6XuXn6qG3B
OihiNzGJG9/CY4Rh/T22VZCFMRkACxtDO8blNQ7ZGj9NvBE1xVvmwT4diPJFX+Fy
PeRdhz38VThE5yG5OQiyw9+WWg8UiF8g+19Q01WvjjvaVRAXwSke/NGN1bX99Cw2
NGMPmJTsY8Xq3MjN4rPWmD0eItnM+yFYDeKcYknpjb5g4gGiYQhDxenGa9Fp509Z
85pM04xcwdgtH4KnUcqWBNPsSETN5VW3NCbg7OitcG23g0DASgS5kE63LnLBOPlG
ERq74AB/k96/bMwUOYg/ttGGJvZxkzcFXAKRCI7rYJBhOxnUiOA=
=aSqx
—–END PGP SIGNATURE—–
![[CIVN-2025-0195] Multiple Vulnerabilities in Microsoft Products](https://teamwin.in/wp-content/uploads/2025/06/certin-new-e1751351599950-500x383.png)
