Multiple vulnerabilities in Mozilla Firefox and Thunderbird, reported by CERT-In, can lead to code execution, system instability, and privilege escalation.

Overview

Mozilla products, including the popular Mozilla Firefox and Thunderbird, have been found to contain multiple vulnerabilities that could allow attackers to execute arbitrary code, cause system instability, and even gain escalated privileges. The severity of these issues is high, and they affect both desktop and mobile versions of Mozilla’s browser and email client.

The Indian Computer Emergency Response Team (CERT-In) reported these Mozilla vulnerabilities in an advisory published on January 20, 2025, with patches already available in recent updates. Users and organizations relying on Mozilla Firefox, Mozilla Thunderbird, and their extended support release (ESR) versions are advised to take immediate action to mitigate risks.

The Mozilla vulnerabilities are present in several versions of Mozilla Firefox and Thunderbird, specifically:

• Mozilla Firefox versions prior to 134
• Mozilla Firefox ESR versions prior to 128.6
• Mozilla Firefox ESR versions prior to 115.19
• Mozilla Thunderbird versions prior to 134
• Mozilla Thunderbird ESR versions prior to 128.6
• Mozilla Thunderbird ESR versions prior to 115.19

The issues are critical for both individual users and enterprises using these open-source applications for browsing and communication. Users should ensure they have the latest updates installed to avoid potential exploits.

Overview of the Mozilla Vulnerabilities

A range of vulnerabilities has been identified in Mozilla Firefox and Thunderbird, with the potential to allow attackers to perform actions such as remote code execution (RCE), denial of service (DoS) attacks, bypass security restrictions, or even spoof system elements. Mozilla has provided security patches in versions 134 for Firefox and Thunderbird, as well as in the ESR releases 128.6 and 115.19. These issues are significant because they provide opportunities for remote attackers to exploit weaknesses in the software without needing to interact directly with the targeted system.

Vulnerabilities in Mozilla Firefox and Thunderbird have been classified with high and moderate severity levels, as attackers could gain unauthorized access to sensitive information, execute arbitrary code, or disrupt normal system operations. The full exploitation of these vulnerabilities may result in system instability or a complete compromise of the affected device.

Key Vulnerabilities

Several vulnerabilities have been identified and addressed across Mozilla Firefox and Thunderbird. Below are some of the notable issues that have been fixed in the latest updates:

1. CVE-2025-0244: Address Bar Spoofing in Firefox for Android
   1. Impact: High
   1. Description: This vulnerability allowed an attacker to spoof the address bar in Firefox for Android when redirecting to an invalid protocol scheme. This could mislead users into believing they were on a legitimate site, facilitating phishing and other malicious activities.
   1. Note: This issue only affected Android operating systems.
2. CVE-2025-0245: Lock Screen Setting Bypass in Firefox Focus for Android
   1. Impact: Moderate
   1. Description: A flaw in Firefox Focus allowed attackers to bypass user authentication settings for the lock screen, potentially giving unauthorized individuals access to the application.
3. CVE-2025-0237: WebChannel API Vulnerability
   1. Impact: Moderate
   1. Description: The WebChannel API, used for communication across processes in Firefox and Thunderbird, did not properly validate the sender’s principal. This could lead to privilege escalation attacks, allowing attackers to perform actions with higher privileges than intended.
4. CVE-2025-0239: Memory Corruption via JavaScript Text Segmentation
   1. Impact: Moderate
   1. Description: A flaw in how Firefox and Thunderbird handled JavaScript text segmentation could cause memory corruption, which might lead to crashes or, in some cases, the execution of arbitrary code.
5. CVE-2025-0242: Memory Safety Bugs
   1. Impact: High
   1. Description: Several memory safety bugs were discovered in both Firefox and Thunderbird that showed signs of memory corruption. If exploited, these bugs could allow remote attackers to execute arbitrary code, compromising system security.
   1. Fixed in: Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, Thunderbird 128.6

These vulnerabilities in Mozilla products are part of a broader set of security flaws that the Mozilla team has identified and addressed. The vulnerabilities affect multiple platforms, including desktop and mobile versions, and may result in severe security breaches if not patched.

Recommendations for Users

Given the potential impact of these Mozilla vulnerabilities, it is crucial for all users to update their systems to the latest versions of Mozilla Firefox or Thunderbird. The updates, which are available for both standard and ESR releases, fix critical security flaws and improve overall system stability. Additionally, users are advised to consider the following precautions:

• Ensure that Mozilla Firefox and Thunderbird are updated to versions 134 or higher, or to the appropriate ESR releases (128.6 or 115.19).
• Keep an eye on system behavior for signs of malicious exploitation, such as unexpected crashes or unauthorized access.
• For those using Mozilla Firefox or Thunderbird in a business environment, enable multifactor authentication and other security features to limit exposure to attacks.

Without the proper patches, attackers can exploit Mozilla Firefox vulnerabilities to gain access to sensitive data, compromise user systems, and cause severe disruptions. Memory corruption issues, such as those reported in CVE-2025-0242, could lead to remote code execution, allowing attackers to hijack user systems or deploy malware. Furthermore, flaws like CVE-2025-0244 could facilitate phishing campaigns by spoofing URLs in the address bar, tricking users into visiting malicious websites.

Conclusion

Mozilla has released important security fixes for vulnerabilities in Mozilla Firefox and Mozilla Thunderbird that affect a wide range of users. These vulnerabilities, which could lead to arbitrary code execution, denial of service, or privilege escalation, are present in older versions of the software. Users are strongly advised to upgrade to the latest versions to protect against potential exploitation. Additionally, by applying recommended mitigations and staying informed about the latest security updates, users can better protect their systems from cyber threats.

To protect online systems against these vulnerabilities, Cyble, an award-winning cybersecurity firm, offers advanced, AI-powered cybersecurity solutions. With platforms like Cyble Vision, businesses can leverage real-time threat detection and actionable insights to mitigate risks from these vulnerabilities, including Mozilla vulnerabilities. Cyble’s comprehensive suite of tools, including vulnerability management, dark web monitoring, and brand intelligence, helps organizations proactively address security gaps. By integrating Cyble’s threat intelligence, companies can enhance their defenses and better protect against cyberattacks.

For more information on how Cyble can help protect your systems, schedule a personalized demo and see how AI-driven solutions can strengthen your cybersecurity strategy.

References

• https://www.cert-in.org.in/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-03/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/

Related