Description
Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information.
Below is a complete list of vulnerabilities:
- Security bypass vulnerability in JavaScript engine can be exploited to bypass security restrictions.
- Denial of service vulnerability in large branch table can be exploited to cause denial of service.
- Code execution vulnerability in javascript URLs when used in object and embed tags can be exploited to execute arbitrary code
- Code execution vulnerability in “Copy as cURL” command can be exploited to execute arbitrary code.
- Information disclosure vulnerability in URL stripping can be exploited to obtain sensitive information.
- Security bypass vulnerability can be exploited via special crafted XSLT document to bypass security restrictions.
- Denial of service vulnerability in JavaScript state machine can be exploited to denial of service.
- Memory safety vulnerability can be exploited to execute arbitrary code.
Original advisories
Related products
CVE list
- CVE-2025-8027 high
- CVE-2025-8028 critical
- CVE-2025-8029 critical
- CVE-2025-8030 critical
- CVE-2025-8031 critical
- CVE-2025-8032 critical
- CVE-2025-8033 high
- CVE-2025-8034 critical
- CVE-2025-8035 critical
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!