Mozilla issued urgent security patches for Firefox to fix two critical zero-day vulnerabilities revealed during Pwn2Own Berlin 2025. These updates protect the Firefox browser and ESR releases from potential exploitation by malicious actors.
Key points
- Two critical zero-day vulnerabilities were demonstrated during the Pwn2Own Berlin 2025 hacking competition.
- The first flaw, CVE-2025-4918, involves an out-of-bounds read/write in the JavaScript engine when resolving Promise objects.
- The second flaw, CVE-2025-4919, allows attackers to manipulate JavaScript objects by confusing array index sizes.
- Mozilla quickly released security updates for Firefox desktop, Android, and ESR versions to mitigate these vulnerabilities.
- While the flaws were demonstrated in a controlled environment, Mozilla warns they could be exploited in real-world attacks, emphasizing the importance of updating.