Browser Security Update
Recently, Mozilla released security patches to fix two critical vulnerabilities in the Firefox browser, which could allow attackers to access sensitive data or execute malicious code.
These vulnerabilities, which were demonstrated as zero-day exploits at Pwn2Own Berlin, include:
- CVE-2025-4918 – An out-of-bounds access vulnerability related to Promise object resolution, allowing an attacker to read or write on a JavaScript Promise object
- CVE-2025-4919 – An out-of-bounds access vulnerability related to linear sum optimization, allowing an attacker to read or write on a JavaScript object by manipulating array index sizes
In simpler terms, successful exploitation of either vulnerability gives an attacker an out-of-bounds read or write, which can expose sensitive information or corrupt memory in a way that facilitates code execution.
The affected versions of the Firefox browser are:
Edouard Bochin and Tao Yan from Palo Alto Networks are credited with discovering and reporting CVE-2025-4918, while Manfred Paul is credited with finding CVE-2025-4919.
Notably, both vulnerabilities were demonstrated at the Pwn2Own Berlin hacking contest, earning the discoverers $50,000 each.
Given the ongoing threat of malware delivery through web browsers, users are advised to update their Firefox instances to the latest version to protect against potential threats.
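One way to act on that advice across a fleet, as an added example that is not part of the original article and is not Mozilla's code: the script below parses Firefox version strings (release and ESR builds) and flags any host whose installed version is below a per-channel minimum. The minimum patched versions are placeholders to be filled in from Mozilla's advisory for these CVEs; the inventory and threshold values used here are constructed sample data.

```python
"""Fleet check: flag Firefox installs below a patched release.

Added example, not from the original article or from Mozilla.
PATCHED_MIN holds PLACEHOLDER values; replace them with the release
numbers from Mozilla's advisory for CVE-2025-4918 / CVE-2025-4919.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# PLACEHOLDER thresholds per update channel (assumption: fill from the advisory).
PATCHED_MIN: Dict[str, Version] = {
    "release": (0, 0, 0),  # placeholder
    "esr": (0, 0, 0),      # placeholder
}

# Accepts "138.0.4", "139.0", "128.10.1esr" and similar Firefox version strings.
_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(esr)?$")


def parse_version(text: str) -> Tuple[Version, str]:
    """Return ((major, minor, patch), channel) for a Firefox version string.

    Missing minor/patch components default to 0; a trailing 'esr' selects the
    ESR channel, which has its own fix-version line and must not be compared
    against release-channel numbers.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Firefox version: {text!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.groups()[:3])
    channel = "esr" if m.group(4) else "release"
    return (major, minor, patch), channel


def is_patched(text: str, patched_min: Dict[str, Version] = PATCHED_MIN) -> bool:
    """True if the version is at or above the patched minimum for its channel."""
    version, channel = parse_version(text)
    return version >= patched_min[channel]


def audit(inventory: List[Tuple[str, str]],
          patched_min: Dict[str, Version] = PATCHED_MIN) -> List[Tuple[str, str]]:
    """Return (host, version) pairs that still need updating.

    A version string that cannot be parsed is reported as needing attention
    rather than silently skipped, so an inventory glitch cannot hide an
    unpatched host.
    """
    needs_update = []
    for host, version in inventory:
        try:
            if not is_patched(version, patched_min):
                needs_update.append((host, version))
        except ValueError:
            needs_update.append((host, version))
    return needs_update


# Constructed sample data (not real hosts or real Firefox fix versions).
SAMPLE_THRESHOLD: Dict[str, Version] = {"release": (10, 0, 1), "esr": (9, 9, 9)}
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("ws-01", "10.0.1"),    # release channel, patched
    ("ws-02", "10.0.0"),    # release channel, one patch level behind
    ("ws-03", "9.9.9esr"),  # ESR channel, patched
    ("ws-04", "9.8.0esr"),  # ESR channel, behind
    ("ws-05", "unknown"),   # inventory did not record a version
]

if __name__ == "__main__":
    for host, version in audit(SAMPLE_INVENTORY, SAMPLE_THRESHOLD):
        print(f"{host}: Firefox {version} needs updating")
```

The per-channel split matters because an ESR build such as 128.x is legitimately older in number than the current release line yet may already carry the fix; comparing it against the release threshold would produce false alarms, and comparing release builds against the ESR threshold would miss unpatched hosts.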