Attackers can attack systems on which Firefox or Thunderbird is installed. The iOS version of Firefox is also affected. Safety updates close, among other things, malicious code gaps.
Repaired versions
In the security area of the Mozilla website the recently closed weaknesses are listed. It remains unclear which operating systems are specifically affected. The following editions are covered against possible attacks:
- Firefox 142
- Firefox ESR 115.27
- Firefox ESR 128.14
- Firefox ESR 140.2
- Firefox for iOS 142
- Thunderbird 128.14
- Thunderbird140.2
- Thunderbird 142
Effects of attacks
In the context of the audio/video GMP component, attackers can trigger a storage error on a non-closer path and thus break out of the sandbox. The security gap (CVE 2025-9179) is with the degree of threat “high“classified. It affects Firefox and Thunderbird.
In addition, further memory errors (CVE 2025-9185 “high“) Systems get to systems. Afterwards, computers are generally considered to be fully compromised. Among other things, XSS attacks can be conceived under iOS (CVE-2025-55032”high“).
So far there is no information about ongoing attacks. So far, it remains unclear how you can recognize systems that have already been successfully attacked. Users should ensure that you have installed a version covered against the attacked attacks.
Most recently, Mozilla warned of phishing attacks on add-on developers in early August. Unknown attackers wanted to compensate for fake emails from developers. The extent to which this campaign was running and had success is currently not known.
Discover more from Apple News
Subscribe to get the latest posts sent to your email.