Saturday, June 14, 2025

Critical Firefox 0-Day Vulnerabilities Allow Remote Code Execution

by Charline

Mozilla has released an urgent security update to fix two critical vulnerabilities in Firefox. These flaws could allow attackers to execute malicious code on users’ computers with minimal user interaction.

Details of the Vulnerabilities

The issues affect multiple Firefox versions, including standard and Extended Support Release (ESR) editions. Attackers can exploit the vulnerabilities by tricking users into visiting specially crafted malicious websites, which trigger out-of-bounds memory operations in Firefox’s JavaScript engine.

Two severe vulnerabilities—tracked as CVE-2025-4918 and CVE-2025-4919—were discovered by security researchers working with Trend Micro’s Zero Day Initiative. Mozilla has rated both as “critical.”

CVE-2025-4918

This flaw involves out-of-bounds read or write when handling JavaScript Promise objects. Researchers Edouard Bochin and Tao Yan of Palo Alto Networks reported the issue. According to Mozilla, “An attacker could perform an out-of-bounds read or write on a JavaScript Promise object,” which may lead to arbitrary code execution.

CVE-2025-4919

This vulnerability allows attackers to cause out-of-bounds read or write by confusing array index sizes on JavaScript objects. Security researcher Manfred Paul identified this flaw.

Affected Versions and Impact

The vulnerabilities impact the following Firefox versions:

  • Firefox versions prior to 138.0.4
  • Firefox ESR versions prior to 128.10.1 and 115.23.1

Security firm Cybersecurity Help notes the affected range includes Firefox 110.0 through 138.0.3 and ESR versions 102.0 through 128.10.0.

Both vulnerabilities carry a CVSS 3.1 base score of 8.8 (High), indicating a serious risk of remote code execution if exploited.

Immediate Update Recommended

Mozilla swiftly addressed these flaws after demonstrations at the Pwn2Own 2025 security contest. Users are strongly advised to update Firefox immediately to:

  • Firefox 138.0.4
  • Firefox ESR 128.10.1
  • Firefox ESR 115.23.1

To update, users can select Help > About Firefox from the browser menu. Mac users should select About Firefox from the Firefox menu.
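
For administrators checking many machines, the sketch below classifies installed versions against the fixed builds listed above; it is an added example, not code from Mozilla or from this article. It assumes ESR builds are recorded with an `esr` suffix (for example `128.10.0esr`); the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed builds as stated in the article. ESR is tracked per major branch,
# so an ESR build is compared only against the fix for its own branch.
FIXED_RELEASE = (138, 0, 4)
FIXED_ESR = {128: (128, 10, 1), 115: (115, 23, 1)}

# Assumption: ESR builds carry an "esr" suffix, as in "128.10.0esr".
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?")


def status(version):
    """Classify one version string against the article's fixed builds."""
    m = VERSION_RE.fullmatch(version.strip().lower())
    if not m:
        return "unparsed"  # e.g. beta strings; review these by hand
    nums = (int(m[1]), int(m[2]), int(m[3] or 0))
    if not m[4]:
        fixed = FIXED_RELEASE
    elif nums[0] in FIXED_ESR:
        fixed = FIXED_ESR[nums[0]]
    else:
        # ESR branch for which the article lists no fixed build (e.g. 102)
        return "no-fixed-build-listed"
    return "patched" if nums >= fixed else "needs-update"


def triage(inventory):
    """Map host -> status for every host that is not confirmed patched."""
    results = {host: status(ver) for host, ver in inventory.items()}
    return {h: s for h, s in results.items() if s != "patched"}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ws-01": "138.0.3",
    "ws-02": "138.0.4",
    "ws-03": "128.10.0esr",
    "ws-04": "128.10.1esr",  # lower number than 138.0.4, but patched
    "ws-05": "115.23.1esr",
    "ws-06": "102.15.1esr",
    "ws-07": "139.0b5",
}

if __name__ == "__main__":
    for host, state in sorted(triage(SAMPLE).items()):
        print(f"{host}: {SAMPLE[host]} -> {state}")
```

Comparing every version against 138.0.4 alone would wrongly flag patched ESR builds, which is why the check is keyed on the ESR branch.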

Expert Advice

Security experts warn these vulnerabilities could already be exploited in the wild. Promptly applying updates is critical to protect systems and personal data from compromise.

As web-based attacks grow more sophisticated, keeping browsers and software up to date remains a key defense.
