- 190/2025
- High
Mozilla has released an updated Firefox version 142, Firefox ESR versions 140.2, 128.14, and 115.27 to fix multiple vulnerabilities.
The addressed vulnerabilities could allow the attacker to perform a denial of service attack, spoofing attacks, bypass security restrictions, obtain sensitive information, execute arbitrary code, and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. Mozilla Firefox Code Execution Vulnerability (CVE-2025-9184):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Mozilla Firefox Policy Bypass Vulnerability (CVE-2025-9180):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Consequences: Obtain Information
Vulnerabilities
- CVE-2025-9179
- CVE-2025-9180
- CVE-2025-9181
- CVE-2025-9182
- CVE-2025-9183
- CVE-2025-9184
- CVE-2025-9185
- CVE-2025-9186
- CVE-2025-9187
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.