Attackers can start on two security gaps in Firefox, Firefox for Android and Firefox ESR to attack PCs. Safe versions have now appeared. There is currently no evidence that attackers already take advantage of the gaps.
Install security updates
The two weak points (CVE 2025-4981, CVE 2025-4919) States Mozilla as “critical”. In both cases, memory errors occur in the context of JavaScript. In such a state, malicious code usually reaches systems and compromises it.
In contrast, the following editions are protected:
- Firefox 138.0.4
- Firefox Android 138.0.4
- Firefox ESR 115.23.1
- Firefox ESR 128.10.1
The gaps have discovered security researchers in the course of the Hacking competition PWN2OWN. The event took place in Germany for the first time this year. Overall, the organizers of Trend Micro distributed prize money of over one million US dollars.
Discover more from Apple News
Subscribe to get the latest posts sent to your email.