Naijacrux News:Welcome to Naijacrux Online Forum..Great Place To Get Tips Facts Updates and More ,Interact Discuss & Learn With Others !!.remember to register to enjoy much more update!!!New Updates From Naijacrux -Naijacrux Is Now Mobile Friendly - Download Our Android App On Our Forum Rules And Announcement Section.Our App Will be Live On Google Playstore And IOS Store Soon Aswell - CLICK HERE TO DOWNLOAD NAIJACRUX ANDROID APP !!! Dear Guest And Naijacrux Dedicated Members,!!! ,  You Can Now Receive Naijacrux Weekly New Post and Updates Via Email by Subscribing To Our Newsletter Using The Subscribe Button Above The Naijacrux Announcement And Discussion At The Top Home Page!!Never Miss A New Post And Updates Again.!Thank You.  !!!YOU ARE WELCOME TO NAIJACRUX INFORMATIVE LEARNING AND INTERACTIVE FORUM.This Website is an Intensive Forum of Learning We recommend you Register & Login to Enjoy much free stuffs ::>>Also remember to Update your Profile Immediately after registration. Thank you!>>>!!!!To All Advertisers And Patronizers, kindly Send Mail To [email protected] For adverts Placement. thanks!!!


Author Topic: Mozilla Just Patched Two Firefox Zero-Days Discovered at a Hacking Contest  (Read 412 times)

0 Members and 1 Guest are viewing this topic.

Offline Nairaland

  • Global Moderator
  • Sr. Member
  • *****
  • Posts: 405
  • Karma: +0/-0
Advertisement
Mozilla Just Patched Two Firefox Zero-Days Discovered at a Hacking Contest

If you're a Firefox user, you need to update your browser. Mozilla has released a security patch for two zero-day vulnerabilities identified at the recent Pwn2Own hacker contest held in Berlin. Zero-days are critical security flaws that have been actively exploited or publicly disclosed before an official fix is available.

Browsers are targets for malware, and Firefox isn't the only browser to discover zero-day exploits in recent days. Earlier this month, Google released an emergency patch for Chrome to address a high-severity vulnerability (CVE-2025-4664) that permitted full account takeover—CISA later confirmed that this flaw was being actively exploited in attacks. (If you're using Chrome, you should consider other privacy-focused browser alternatives anyway.)

Zero-days discovered in Firefox

Both zero-day exploits discovered at Pwn2Own Berlin are out-of-bounds flaws that allow attackers to read or write data, potentially gaining access to sensitive information or permitting code execution. CVE-2025-4918 allows read or write on a JavaScript Promise object (a proxy value for a process that hasn't been completed yet) while CVE-2025-4919 permits read or write on a JavaScript object (a collection of "properties," which are associations between keys and values).

CVE-2025-4918 was discovered by Edouard Bochin and Tao Yan from Palo Alto Networks, while CVE-2025-4919 was reported by Manfred Paul—each won $50,000 for their hacks.

The following versions of Firefox are vulnerable to these flaws and should be updated: 

  • Firefox before 138.0.4

  • Firefox Extended Support Release (ESR) before 128.10.1

  • Firefox ESR before 115.23.1

  • Firefox for Android

While Mozilla was quick to address these flaws, the company notes that neither broke out of Firefox's "sandbox," which would be required in order to take control of a target's machine. That's a good sign for Firefox's overall security, as attackers at previous Pwn2Own competitions successfully broke out of the sandbox. Still, Mozilla recommends all users install the new patches as soon as possible.

How to update Firefox to the latest version

If you're a Firefox user, make sure your browser is up to date. You can check which version you're on by going to Firefox > About Firefox. Click the Restart to Update Firefox button if it appears.


Source: Mozilla Just Patched Two Firefox Zero-Days Discovered at a Hacking Contest