- 116/2025
- High
Mozilla has released an updated Firefox version 139, Firefox ESR versions 128.11 and 115.24 to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the attacker to obtain sensitive information or execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Mozilla Firefox Unencrypted SNI Information Disclosure Vulnerability (CVE-2025-5270):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
2. Mozilla Firefox Memory Buffer Vulnerability (CVE-2025-5272):
- CVSS: 7.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
- CVE-2025-5263
- CVE-2025-5264
- CVE-2025-5265
- CVE-2025-5266
- CVE-2025-5267
- CVE-2025-5268
- CVE-2025-5269
- CVE-2025-5270
- CVE-2025-5271
- CVE-2025-5272
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.