Could 19, 2025Ravie LakshmananBrowser Safety / Vulnerability
Mozilla has launched safety updates to handle two essential safety flaws in its Firefox browser that may very well be doubtlessly exploited to entry delicate knowledge or obtain code execution.
The vulnerabilities, each of which have been exploited as a zero-day at Pwn2Own Berlin, are listed beneath –
CVE-2025-4918 – An out-of-bounds entry vulnerability when resolving Promise objects that would enable an attacker to carry out learn or write on a JavaScript Promise object
CVE-2025-4919 – An out-of-bounds entry vulnerability when optimizing linear sums that would enable an attacker to carry out learn or write on a JavaScript object by complicated array index sizes
In different phrases, profitable exploitation of both of the failings might allow an adversary to realize out-of-bounds learn or write, which might then be abused to entry in any other case delicate data or end in reminiscence corruption that would pave the way in which for code execution.
The vulnerabilities have an effect on the next variations of the Firefox browser –
Edouard Bochin and Tao Yan from Palo Alto Networks have been credited with discovering and reporting CVE-2025-4918. The invention of CVE-2025-4919 has been credited to Manfred Paul.
It is price noting that each shortcomings have been demonstrated on the Pwn2Own Berlin hacking contest final week for which they have been awarded $50,000 every.
With net browsers persevering with to be a gorgeous vector for malware supply, customers are suggested to replace their situations to the newest model to safeguard towards potential threats.
Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we put up.
