Security updates for Chrome, Firefox and Thunderbird

The developers of Chrome, Firefox and Thunderbird released updates on Wednesday night, some of which close critical security gaps in the programs. Users should ensure that they use the updated version.

A vulnerability in all supported Firefox and Thunderbird versions is particularly serious. A double free in the libvpx encoder, in the function vpx_codec_enc_init_multi, can lead to memory corruption and a potentially exploitable crash after an incorrect allocation while initializing the encoder for WebRTC. The Mozilla developers even rate the vulnerability as “critical”, as they write in the security advisory for Firefox 139.

They even initially created their own CVE entry (CVE-2025-5262) but withdrew it again, since a CVE Numbering Authority (CNA) other than Mozilla is responsible for it. CISA had already proposed a CVSS calculation and arrived at a CVSS score of 7.5, which puts the risk at “high”, deviating from the Mozilla classification. If the responsible CNA has created a CVE entry, the Mozilla developers want the references.

The newly available versions Firefox 139, Firefox ESR 128.11, Firefox ESR 115.24 and also the mail program Thunderbird 139 and 128.11 close the vulnerability. Anyone who uses these programs should promptly open the software's version dialog, which is usually found in the settings menu via the icon at the top right next to the address bar, under “Help” – “About”. It shows the current version and, if necessary, offers to update.

Google has also published updated versions of the Chrome web browser. They close a total of eight vulnerabilities, of which the programmers have classified two as high, five as medium and one as a low level of threat. The high-risk vulnerabilities include, for example, access to already freed resources (use after free) in Compositing, which attackers can often abuse to inject malicious code. In addition, write access outside the intended memory bounds in the JavaScript engine V8 can have a similar effect.

Anyone who uses Chrome should therefore check that the version already stands for iOS, 137.0.7151.55 for Linux and 137.0.7151.55/56 for macOS and Windows.
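The version checks described above for Firefox, Thunderbird and desktop Chrome can be automated across an inventory. The following Python sketch is an added example, not part of the original article; the `assess` and `audit` helpers, the host names and the sample versions are constructed, and treating Thunderbird 128.11 as an ESR-branch build is an assumption.

```python
import re

# Fixed versions as named in the article. Treating Thunderbird 128.11 as an
# ESR-branch build is an assumption of this example.
FIXED = {
    "firefox": {"release": (139,), "esr": {128: (128, 11), 115: (115, 24)}},
    "thunderbird": {"release": (139,), "esr": {128: (128, 11)}},
    # Desktop Chrome only (Linux, macOS, Windows).
    "chrome": {"release": (137, 0, 7151, 55), "esr": {}},
}
VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(esr)?$")


def _key(parts, width=4):
    """Pad with zeros so that 139 and 139.0.0 compare as equal."""
    return parts + (0,) * (width - len(parts))


def assess(product, version):
    """Return 'patched', 'vulnerable', 'unsupported' or 'unknown'."""
    match = VERSION_RE.match(version.strip().lower())
    if product not in FIXED or match is None:
        return "unknown"  # betas, nightlies, unparsable strings
    parts = tuple(int(p) for p in match.group(1).split("."))
    release_fix = FIXED[product]["release"]
    if match.group(2) and parts[0] < release_fix[0]:
        # ESR build: compare against the fix for its own branch.
        fix = FIXED[product]["esr"].get(parts[0])
        if fix is None:
            return "unsupported"  # branch not among the fixed releases
    else:
        fix = release_fix
    return "patched" if _key(parts) >= _key(fix) else "vulnerable"


def audit(inventory):
    """Return the (host, product, version, status) rows that need attention."""
    rows = [(h, p, v, assess(p, v)) for h, p, v in inventory]
    return [row for row in rows if row[3] != "patched"]


# Constructed sample inventory; host names and versions are made up.
SAMPLE = [
    ("ws-01", "firefox", "139.0"),
    ("ws-02", "firefox", "128.10.1esr"),
    ("ws-03", "thunderbird", "128.11.0esr"),
    ("ws-04", "chrome", "137.0.7151.40"),
    ("ws-05", "firefox", "102.15.0esr"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```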

Two weeks ago, Google's developers had patched a security vulnerability in Chrome for which an exploit was already circulating on the net.

