Summary: Mozilla has released Firefox 137.0.2 to address a high-severity security flaw, CVE-2025-3608, related to memory corruption within the nsHttpTransaction component. The vulnerability could allow attackers to execute arbitrary code or destabilize the browser, though there is no evidence of real-world exploitation. Users are urged to update their browsers to mitigate risks associated with this flaw.
Affected: Mozilla Firefox
Keypoints :
- Vulnerability created by a race condition in the nsHttpTransaction component.
- Potential for arbitrary code execution or browser instability.
- Strong recommendation for users to update to Firefox 137.0.2 or later.
- Discovery credited to Mozilla’s Fuzzing Team via automated testing techniques.
- Importance of regular updates to ensure security and functionality.
Source: https://gbhackers.com/firefox-fixes-high-severity-vulnerability/