[CIVN-2025-0237] Multiple Vulnerabilities in Mozilla Products
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Mozilla Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Mozilla Firefox for iOS versions prior to 143.1
Mozilla Firefox versions prior to 143.0.3
Overview
Multiple vulnerabilities have been reported in Mozilla products which could allow an attacker to perform remote code execution or disclose sensitive information on the targeted system.
Target Audience:
All end-user organizations and individuals using Mozilla Products.
Risk Assessment:
High risk of remote code execution.
Impact Assessment:
Potential for data theft, sensitive information disclosure and complete compromise of system.
Description
Mozilla Firefox is a free and open-source web browser developed by Mozilla foundation.
Multiple vulnerabilities exist in Mozilla products due to improper isolation of cookie storage, integer overflow in the Graphics Canvas2D component and JIT miscompilation in the JavaScript Engine. A remote attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.
Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution or disclose sensitive information on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-79/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-80/
References
Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2025-79/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-80/
CVE Name
CVE-2025-10859
CVE-2025-11152
CVE-2025-11153
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmjf2rkACgkQ3jCgcSdc
ys/iiw//XTK9/TgRewo8/aZvMD03r1hy7Ar9Zlzn67gmHlEcFuDpuXslqBeq+7Z4
Oa+s9a12CJdyrAz54rEph2Jc2bMOgukjf6LToKphu0aEkzkpROZwOA9CWcaxqzuD
MWxrL8snq+zgmUhYLl7Ki3XpGwlAHx/PzowirSXgig9cz2zFamhMfUp91thqi5Mu
GLJ3QJ3phDPpNKp+N0jt6Ehy4LzVjgHFrdaVN3pr0dAHnHvE4KNuHpdSohmmG0qz
JmEYpykVHWwOs/ddHe3MpyoGw5qD7UV7rks8KaUSoBm6G126XKcoRhsVpc5N0XLb
aIDTjgUOFNirKn7KokBmHd7LPqtWS8gXQFbOdUEBbPXKareQyO8B92QNzhBlj2SS
yDMqbS7kDm5sOq2by5rfJFQI9S2Bs5L7YaOtzfkOgNoM2YWHj6Rhm6S8aFKsClTx
9E36jwyorRR8viIAH+tb/6xLDnLQa/y5wkCuE/3avu8qcv+qPkOmcjUVXWXkk7aH
yvDQpULwKlf2uUYb+wYayiEVFiaK7jcuTbXcAoI62U/OEUVlklfFc4BmaU3Pc+MJ
V19SkxZg7A7mTttuT4eAWPUlbTeiszgYey0GMyDG+QYaWe1yzqUzadqIxxyJ0FYb
Zn9hjq5Sgniutardq76Ow5I41b3+cY5H2XAW1eRlSMKkO/2nmS8=
=DQX7
—–END PGP SIGNATURE—–