Multiple vulnerabilities in Mozilla Firefox ESR

Description

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

1. Security bypass vulnerability in JavaScript engine can be exploited to bypass security restrictions.
2. Denial of service vulnerability in large branch table can be exploited to cause denial of service.
3. Code execution vulnerability in javascript URLs when used in object and embed tags can be exploited to execute arbitrary code
4. Security bypass vulnerability in cached CORS can be exploited to bypass security restrictions.
5. Security bypass vulnerability in cookie can be exploited to bypass security restrictions.
6. Code execution vulnerability in “Copy as cURL” command can be exploited to execute arbitrary code.
7. Information disclosure vulnerability in URL stripping can be exploited to obtain sensitive information.
8. Security bypass vulnerability can be exploited via special crafted XSLT document to bypass security restrictions.
9. Security bypass vulnerability in CSP frame-src can be exploited to bypass security restrictions.
10. Security UI vulnerability in URL bar can be exploited to spoof user interface.
11. Denial of service vulnerability in JavaScript state machine can be exploited to denial of service.
12. Memory safety vulnerability can be exploited to execute arbitrary code.

Original advisories

• MFSA2025-59

Related products

• Mozilla-Firefox-ESR

CVE list

• CVE-2025-8027
  high
• CVE-2025-8028
  critical
• CVE-2025-8029
  critical
• CVE-2025-8030
  critical
• CVE-2025-8031
  critical
• CVE-2025-8032
  critical
• CVE-2025-8033
  high
• CVE-2025-8034
  critical
• CVE-2025-8035
  critical
• CVE-2025-8036
  critical
• CVE-2025-8037
  critical
• CVE-2025-8038
  critical
• CVE-2025-8039
  critical
• CVE-2025-8040
  critical

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com