Mozilla has released security updates to fix two critical security flaws in its Firefox browser that could potentially be exploited to access sensitive data or achieve code execution.
The vulnerabilities, both of which were exploited as zero-days at Pwn2Own Berlin, are listed below –
- CVE-2025-4918 - An out-of-bounds access when resolving promises that could allow an attacker to perform a read or write on a JavaScript Promise object
- CVE-2025-4919 - An out-of-bounds access involving linear sums that could allow an attacker to perform a read or write on a JavaScript object through a size confusion
In other words, successful exploitation of either flaw could allow an adversary to achieve an out-of-bounds read or write, which could then be abused to access otherwise sensitive information or cause memory corruption that could pave the way for code execution.
The vulnerabilities affect the following versions of the Firefox browser –
Edouard Bochin and Tao Yan of Palo Alto Networks were credited with discovering and reporting CVE-2025-4918. The discovery of CVE-2025-4919 was credited to Manfred Paul.
It is worth noting that both flaws were demonstrated last week at Pwn2Own Berlin, a hacking competition, for which the researchers were awarded $50,000.
With web browsers continuing to be an attractive vector for malware delivery, users are advised to update their instances to the latest version to protect against potential threats.