Mozilla Just Patched Two Firefox Zero-Days Discovered in a Hacking Competition

If you’re a Firefox user, you’ll need to update your browser. Mozilla has released a security patch for two zero-day vulnerabilities that were discovered at the recent Pwn2Own hacking competition in Berlin. Zero-day vulnerabilities are critical security vulnerabilities that were actively exploited or publicly disclosed before an official fix was available.

Browsers are targets for malware, and Firefox isn’t the only browser to have seen zero-day exploits in recent days. Earlier this month, Google issued an emergency patch for Chrome to fix a high-severity vulnerability (CVE-2025-4664) that allowed full account takeover — CISA later confirmed that the vulnerability was actively used in attacks. (If you use Chrome, you should consider other privacy-focused alternative browsers anyway.)

Zero-day vulnerabilities discovered in Firefox

Both zero-day exploits discovered at Pwn2Own Berlin are out-of-bounds vulnerabilities that allow attackers to read or write data, potentially accessing sensitive information or allowing code execution. CVE-2025-4918 allows an out-of-bounds read or write on a JavaScript Promise object (a proxy value for a process that has not yet completed), while CVE-2025-4919 allows an out-of-bounds read or write on a JavaScript object (a set of “properties,” which are associations between keys and values).

CVE-2025-4918 was discovered by Edouard Bochin and Tao Yan of Palo Alto Networks, and CVE-2025-4919 was reported by Manfred Paul; each won $50,000 for their hacks.

The following versions of Firefox are affected and should be updated:

  • Firefox up to version 138.0.4

  • Firefox Extended Support Release (ESR) up to version 128.10.1

  • Firefox ESR up to version 115.23.1

  • Firefox for Android

While Mozilla quickly patched these flaws, the company notes that neither of them escaped Firefox’s sandbox, which would have been necessary to take control of a target machine. That’s a good sign for Firefox’s overall security, as attackers in previous Pwn2Own competitions have successfully escaped the sandbox. Still, Mozilla recommends that all users install the new patches as soon as possible.

How to Update Firefox to the Latest Version

If you’re a Firefox user, make sure your browser is up to date. You can check which version you have by going to Firefox > About Firefox. Click the Restart to update Firefox button if it appears.
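For anyone checking more than one machine, the following added example (not from Mozilla or the original article) compares the text printed by `firefox --version` against the patched build on the matching branch, so an ESR install is not judged against the regular release number. It assumes the version numbers listed above are the first fixed builds; the host names and sample strings are constructed, and Firefox for Android is not covered.

```python
import re

# First patched build per branch, taken from the version list in the article.
# Assumption: these are the fixed builds, so anything lower on the same
# branch still needs the update.
FIXED = {
    "release": (138, 0, 4),
    "esr128": (128, 10, 1),
    "esr115": (115, 23, 1),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr) from e.g. 'Mozilla Firefox 128.9.0esr'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Firefox version found in {text!r}")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    return version, bool(m.group(4))


def needs_update(text):
    """True if the reported build is older than the fixed build on its branch."""
    version, is_esr = parse_version(text)
    if not is_esr:
        return version < FIXED["release"]
    branch = f"esr{version[0]}"
    if branch in FIXED:
        return version < FIXED[branch]
    # Assumption: ESR branches older than those listed receive no fix,
    # and ESR branches newer than 128 were released after it.
    return version[0] < 128


# Constructed sample inventory: (host, output of `firefox --version`).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 138.0.3"),
    ("ws-02", "Mozilla Firefox 138.0.4"),
    ("ws-03", "Mozilla Firefox 128.10.0esr"),
    ("ws-04", "Mozilla Firefox 115.23.1esr"),
]


def audit(inventory):
    """Return the hosts whose reported Firefox build still needs the patch."""
    return [host for host, output in inventory if needs_update(output)]
```

Calling `audit(SAMPLE)` returns the hosts that still need the patch, here `ws-01` and `ws-03`.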
