Multiple Vulnerabilities in Mozilla Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Mozilla Firefox versions prior to 140
Mozilla Firefox ESR versions prior to 115.25
Mozilla Firefox ESR versions prior to 128.12
Overview
Multiple vulnerabilities have been reported in Mozilla products which could allow an attacker to cause memory corruption, gain access to sensitive information, execute arbitrary code, bypass security restrictions and gain elevated privileges on the targeted system.
Target Audience:
All end-user organizations and individuals using Mozilla Firefox and Firefox ESR.
Risk Assessment:
High risk of unauthorized access to sensitive data.
Impact Assessment:
Potential for data theft, sensitive information disclosure or complete compromise of the system.
Description
Mozilla Firefox is a free and open-source web browser developed by the Mozilla Foundation, while Firefox ESR (Extended Support Release) is a stable version tailored for organizations that require long-term support with only security and maintenance updates.
Multiple vulnerabilities exist in Mozilla products due to memory corruption and other issues. A remote attacker could exploit these vulnerabilities by persuading a victim to trigger a specially crafted web request.
Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, gain access to sensitive information, execute arbitrary code, bypass security restrictions and gain elevated privileges on the targeted system.
Solution
Apply appropriate software updates as mentioned by the vendor:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-52/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/
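To confirm which hosts still need the update, the following branch-aware version check applies the thresholds listed under Software Affected. It is an added example, not part of the CERT-In advisory or Mozilla's tooling. The inventory and host names are constructed, the banner format is assumed to be that of `firefox --version`, and the handling of ESR branches the advisory does not list is an assumption described in the comments.

```python
import re

# First fixed versions, taken from "Software Affected" in this advisory.
RELEASE_FIXED = (140,)
ESR_FIXED = {115: (115, 25), 128: (128, 12)}  # ESR branch -> first fixed version


def parse_version(banner):
    """Return (version_tuple, is_esr) from a banner such as 'Mozilla Firefox 128.11.0esr'."""
    m = re.search(r"\d+(?:\.\d+)*", banner)
    if not m:
        raise ValueError(f"no version found in {banner!r}")
    return tuple(int(p) for p in m.group(0).split(".")), "esr" in banner.lower()


def classify(banner):
    """Return 'affected', 'fixed' or 'not-listed' for one version banner."""
    version, is_esr = parse_version(banner)
    if not is_esr:
        return "affected" if version < RELEASE_FIXED else "fixed"
    fixed = ESR_FIXED.get(version[0])
    if fixed is not None:
        # Compare only against the fix for the same ESR branch, so that
        # 115.25 is not flagged merely because it is lower than 128.12.
        return "affected" if version < fixed else "fixed"
    # Assumption: an ESR branch the advisory does not name is affected if it
    # predates the newest listed fix, otherwise it needs manual review.
    return "affected" if version < max(ESR_FIXED.values()) else "not-listed"


# Constructed sample inventory: host name -> assumed `firefox --version` output.
INVENTORY = {
    "ws-01": "Mozilla Firefox 139.0.4",
    "ws-02": "Mozilla Firefox 140.0",
    "ws-03": "Mozilla Firefox 115.25.0esr",
    "ws-04": "Mozilla Firefox 128.11.0esr",
    "ws-05": "Mozilla Firefox 102.15.1esr",
}


def hosts_needing_update(inventory):
    """Return the sorted host names whose Firefox build is in an affected range."""
    return sorted(h for h, b in inventory.items() if classify(b) == "affected")


if __name__ == "__main__":
    for host, banner in INVENTORY.items():
        print(f"{host}: {banner} -> {classify(banner)}")
```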
Vendor Information
Mozilla
https://www.mozilla.org/en-US/security/advisories/
References
Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-52/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/
CVE Name
CVE-2025-6424
CVE-2025-6425
CVE-2025-6426
CVE-2025-6427
CVE-2025-6428
CVE-2025-6429
CVE-2025-6430
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003