Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards May 19, 2025Ravie LakshmananBrowser Security / Vulnerability Mozilla has released security updates to address two critical security flaws in its Firefox browser..."> Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards May 19, 2025Ravie LakshmananBrowser Security / Vulnerability Mozilla has released security updates to address two critical security flaws in its Firefox browser..." /> Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards May 19, 2025Ravie LakshmananBrowser Security / Vulnerability Mozilla has released security updates to address two critical security flaws in its Firefox browser..." />

Atualize para o Pro

Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards

May 19, 2025Ravie LakshmananBrowser Security / Vulnerability

Mozilla has released security updates to address two critical security flaws in its Firefox browser that could be potentially exploited to access sensitive data or achieve code execution.
The vulnerabilities, both of which were exploited as a zero-day at Pwn2Own Berlin, are listed below -

CVE-2025-4918 - An out-of-bounds access vulnerability when resolving Promise objects that could allow an attacker to perform read or write on a JavaScript Promise object
CVE-2025-4919 - An out-of-bounds access vulnerability when optimizing linear sums that could allow an attacker to perform read or write on a JavaScript object by confusing array index sizes

In other words, successful exploitation of either of the flaws could permit an adversary to achieve out-of-bounds read or write, which could then be abused to access otherwise sensitive information or result in memory corruption that could pave the way for code execution.

The vulnerabilities affect the following versions of the Firefox browser -

All versions of Firefox before 138.0.4All versions of Firefox Extended Support Releasebefore 128.10.1
All versions of Firefox ESR before 115.23.1

Edouard Bochin and Tao Yan from Palo Alto Networks have been credited with finding and reporting CVE-2025-4918. The discovery of CVE-2025-4919 has been credited to Manfred Paul.
It's worth noting that both shortcomings were demonstrated at the Pwn2Own Berlin hacking contest last week for which they were awarded each.
With web browsers continuing to be an attractive vector for malware delivery, users are advised to update their instances to the latest version to safeguard against potential threats.
"Neither of the attacks managed to break out of our sandbox, which is required to gain control over the user's system," Mozilla said in a statement. "Despite the limited impact of these attacks, all users and administrators are advised to update Firefox as soon as possible."

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

SHARE




#firefox #patches #zerodays #exploited #pwn2own
Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards
May 19, 2025Ravie LakshmananBrowser Security / Vulnerability Mozilla has released security updates to address two critical security flaws in its Firefox browser that could be potentially exploited to access sensitive data or achieve code execution. The vulnerabilities, both of which were exploited as a zero-day at Pwn2Own Berlin, are listed below - CVE-2025-4918 - An out-of-bounds access vulnerability when resolving Promise objects that could allow an attacker to perform read or write on a JavaScript Promise object CVE-2025-4919 - An out-of-bounds access vulnerability when optimizing linear sums that could allow an attacker to perform read or write on a JavaScript object by confusing array index sizes In other words, successful exploitation of either of the flaws could permit an adversary to achieve out-of-bounds read or write, which could then be abused to access otherwise sensitive information or result in memory corruption that could pave the way for code execution. The vulnerabilities affect the following versions of the Firefox browser - All versions of Firefox before 138.0.4All versions of Firefox Extended Support Releasebefore 128.10.1 All versions of Firefox ESR before 115.23.1 Edouard Bochin and Tao Yan from Palo Alto Networks have been credited with finding and reporting CVE-2025-4918. The discovery of CVE-2025-4919 has been credited to Manfred Paul. It's worth noting that both shortcomings were demonstrated at the Pwn2Own Berlin hacking contest last week for which they were awarded each. With web browsers continuing to be an attractive vector for malware delivery, users are advised to update their instances to the latest version to safeguard against potential threats. "Neither of the attacks managed to break out of our sandbox, which is required to gain control over the user's system," Mozilla said in a statement. "Despite the limited impact of these attacks, all users and administrators are advised to update Firefox as soon as possible." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE     #firefox #patches #zerodays #exploited #pwn2own
THEHACKERNEWS.COM
Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards
May 19, 2025Ravie LakshmananBrowser Security / Vulnerability Mozilla has released security updates to address two critical security flaws in its Firefox browser that could be potentially exploited to access sensitive data or achieve code execution. The vulnerabilities, both of which were exploited as a zero-day at Pwn2Own Berlin, are listed below - CVE-2025-4918 - An out-of-bounds access vulnerability when resolving Promise objects that could allow an attacker to perform read or write on a JavaScript Promise object CVE-2025-4919 - An out-of-bounds access vulnerability when optimizing linear sums that could allow an attacker to perform read or write on a JavaScript object by confusing array index sizes In other words, successful exploitation of either of the flaws could permit an adversary to achieve out-of-bounds read or write, which could then be abused to access otherwise sensitive information or result in memory corruption that could pave the way for code execution. The vulnerabilities affect the following versions of the Firefox browser - All versions of Firefox before 138.0.4 (including Firefox for Android) All versions of Firefox Extended Support Release (ESR) before 128.10.1 All versions of Firefox ESR before 115.23.1 Edouard Bochin and Tao Yan from Palo Alto Networks have been credited with finding and reporting CVE-2025-4918. The discovery of CVE-2025-4919 has been credited to Manfred Paul. It's worth noting that both shortcomings were demonstrated at the Pwn2Own Berlin hacking contest last week for which they were awarded $50,000 each. With web browsers continuing to be an attractive vector for malware delivery, users are advised to update their instances to the latest version to safeguard against potential threats. "Neither of the attacks managed to break out of our sandbox, which is required to gain control over the user's system," Mozilla said in a statement. "Despite the limited impact of these attacks, all users and administrators are advised to update Firefox as soon as possible." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    
·92 Visualizações