[CIVN-20255-0156] Multiple Vulnerabilities in Mozilla Products

Published On: July 25, 2025

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in Mozilla Products 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Mozilla Firefox versions prior to 141
Mozilla ESR versions prior to 115.26
Mozilla ESR versions prior to 128.13
Mozilla ESR versions prior to 140.1
Mozilla iOS versions prior to 141
Mozilla Thunderbird versions prior to 128.13
Mozilla Thunderbird versions prior to 140.1
Mozilla Thunderbird versions prior to 141
Overview
Multiple vulnerabilities have been reported in Mozilla products which could allow an attacker to bypass security restrictions, access sensitive information or execute arbitrary code on the targeted system.
Target Audience:
All end-user organizations and individuals using Mozilla Firefox and Thunderbird.
Risk Assessment:
High risk of unauthorized access to sensitive information.
Impact Assessment:
Potential for data theft, sensitive information disclosure and complete compromise of the system.
Description
Mozilla Firefox is a free and open-source web browser developed by the Mozilla Foundation, while Firefox ESR (Extended Support Release) is a stable version tailored for organizations that require long-term support with only security and maintenance updates.
Multiple vulnerabilities exist in Mozilla products due to memory corruption and other issues. An attacker could exploit these vulnerabilities by convincing a victim to open a specially crafted web request or email.
Successful exploitation of these vulnerabilities could allow a remote attacker to bypass security restrictions, access sensitive information or achieve remote code execution on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-57/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-59/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-60/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-61/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-63/
References
Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-57/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-59/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-60/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-61/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-63/
CVE Name
CVE-2025-8027
CVE-2025-8028
CVE-2025-8029
CVE-2025-8030
CVE-2025-8031
CVE-2025-8032
CVE-2025-8033
CVE-2025-8034
CVE-2025-8035
CVE-2025-8036
CVE-2025-8037
CVE-2025-8038
CVE-2025-8039
CVE-2025-8040
CVE-2025-8041
CVE-2025-8042
CVE-2025-8043
CVE-2025-8044
CVE-2025-54143
CVE-2025-54144
CVE-2025-54145
- --
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----