- 167/2025
- High
Mozilla has released an updated Firefox version 141, Firefox ESR versions 140.1, 128.13, and 115.26 to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the remote attacker to perform a denial of service attack, bypass security restrictions, obtain sensitive information, gain elevated privileges, execute arbitrary code, and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Mozilla Firefox Code Execution Vulnerability (CVE-2025-8035):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Mozilla Firefox Information Disclosure Vulnerability (CVE-2025-8027):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain information
Vulnerabilities
- CVE-2025-8027
- CVE-2025-8028
- CVE-2025-8029
- CVE-2025-8030
- CVE-2025-8031
- CVE-2025-8032
- CVE-2025-8033
- CVE-2025-8034
- CVE-2025-8035
- CVE-2025-8036
- CVE-2025-8037
- CVE-2025-8038
- CVE-2025-8039
- CVE-2025-8040
- CVE-2025-8041
- CVE-2025-8042
- CVE-2025-8043
- CVE-2025-8044
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.