—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Mozilla Products 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Mozilla Firefox for iOS versions prior to 143.1

Mozilla Firefox versions prior to 143.0.3

Overview

Multiple vulnerabilities have been reported in Mozilla products which could allow an attacker to perform remote code execution or disclose sensitive information on the targeted system.

Target Audience:

All end-user organizations and individuals using Mozilla Products.

Risk Assessment:

High risk of remote code execution.

Impact Assessment:

Potential for data theft, sensitive information disclosure and complete compromise of system.

Description

Mozilla Firefox is a free and open-source web browser developed by Mozilla foundation.

Multiple vulnerabilities exist in Mozilla products due to improper isolation of cookie storage, integer overflow in the Graphics Canvas2D component and JIT miscompilation in the JavaScript Engine. A remote    attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request.

Successful exploitation of these vulnerabilities could allow an attacker to perform remote code execution or disclose sensitive information on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://www.mozilla.org/en-US/security/advisories/mfsa2025-79/

https://www.mozilla.org/en-US/security/advisories/mfsa2025-80/

References

Mozilla

https://www.mozilla.org/en-US/security/advisories/mfsa2025-79/

https://www.mozilla.org/en-US/security/advisories/mfsa2025-80/

CVE Name

CVE-2025-10859

CVE-2025-11152

CVE-2025-11153

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmjf2rkACgkQ3jCgcSdc

ys/iiw//XTK9/TgRewo8/aZvMD03r1hy7Ar9Zlzn67gmHlEcFuDpuXslqBeq+7Z4

Oa+s9a12CJdyrAz54rEph2Jc2bMOgukjf6LToKphu0aEkzkpROZwOA9CWcaxqzuD

MWxrL8snq+zgmUhYLl7Ki3XpGwlAHx/PzowirSXgig9cz2zFamhMfUp91thqi5Mu

GLJ3QJ3phDPpNKp+N0jt6Ehy4LzVjgHFrdaVN3pr0dAHnHvE4KNuHpdSohmmG0qz

JmEYpykVHWwOs/ddHe3MpyoGw5qD7UV7rks8KaUSoBm6G126XKcoRhsVpc5N0XLb

aIDTjgUOFNirKn7KokBmHd7LPqtWS8gXQFbOdUEBbPXKareQyO8B92QNzhBlj2SS

yDMqbS7kDm5sOq2by5rfJFQI9S2Bs5L7YaOtzfkOgNoM2YWHj6Rhm6S8aFKsClTx

9E36jwyorRR8viIAH+tb/6xLDnLQa/y5wkCuE/3avu8qcv+qPkOmcjUVXWXkk7aH

yvDQpULwKlf2uUYb+wYayiEVFiaK7jcuTbXcAoI62U/OEUVlklfFc4BmaU3Pc+MJ

V19SkxZg7A7mTttuT4eAWPUlbTeiszgYey0GMyDG+QYaWe1yzqUzadqIxxyJ0FYb

Zn9hjq5Sgniutardq76Ow5I41b3+cY5H2XAW1eRlSMKkO/2nmS8=

=DQX7

—–END PGP SIGNATURE—–