
Mozilla has released a security update to address two important security flaws in the Firefox browser that could potentially be exploited to access sensitive data and achieve code execution.
The vulnerabilities, both of which were exploited as zero-days at Pwn2Own Berlin, are listed below –

CVE-2025-4918 – An out-of-bounds access vulnerability when resolving Promise objects that could allow an attacker to read or write to a JavaScript Promise object

CVE-2025-4919 – An out-of-bounds access vulnerability when optimizing linear sums that could allow an attacker to read or write to a JavaScript object by confusing array index sizes

In other words, successful exploitation of either flaw could allow an attacker to achieve out-of-bounds reads or writes, which could then be abused to access sensitive data or achieve code execution.

The vulnerabilities affect the following versions of the Firefox browser –
Edouard Bochin and Tao Yan of Palo Alto Networks are credited with discovering and reporting CVE-2025-4918. The discovery of CVE-2025-4919 is credited to Manfred Paul.
Note that both flaws were demonstrated at last week's Pwn2Own Berlin hacking contest, where each earned an award of $50,000.
As web browsers continue to be an attractive vector for malware delivery, users are encouraged to update their instances to the latest version to protect against potential threats.