Summary
Mozilla has released security updates to fix vulnerabilities, including 3 with a “high” severity, in Firefox, Firefox ESR, and Thunderbird products.
Risk
Vulnerability Community Impact Estimation: High (65.12)
Type
· Arbitrary Code Execution
· Spoofing
Affected Products and Versions
· Thunderbird, versions prior to 134
· Thunderbird 128.x, versions prior to 128.6
· Thunderbird 115.x, versions prior to 115.19
· Firefox, versions prior to 134
· Firefox ESR 128.x, versions prior to 128.6
· Firefox ESR 115.x, versions prior to 115.19
Mitigation Actions
In line with vendor statements, it is recommended to update the affected products as directed by the security bulletins listed in the References section.
The following are only the CVEs for vulnerabilities with a severity of “high”:
References
https://www.mozilla.org/en-US/security/advisories/mfsa2025-01
https://www.mozilla.org/en-US/security/advisories/mfsa2025-02
https://www.mozilla.org/en-US/security/advisories/mfsa2025-03
1 This estimate takes several parameters into account, including: CVSS, availability of patches/workarounds and PoC, and diffusion of the affected software/devices in the reference community.