Security Advisory

Mozilla Products January 2025 1st Security Update Advisory

  • Jan 09 2025

Overview

 

An update has been made available to fix vulnerabilities in the Mozilla family of products (Firefox ESR, Firefox ESR, Firefox versions). Users of affected products are advised to update to the latest version.

 

Affected Products

 

Firefox Version: ~134(exclusive)

Firefox ESR Version: ~ 115.19(exclusive)

Firefox ESR Version: ~ 128.6(exclusive)

 

Resolved Vulnerabilities

 

High Level Spoofing Vulnerability in Firefox (CVE-2025-0244) [3]

Moderate Spoofing Vulnerability in Firefox (CVE-2025-0246) [3]

Moderate Key Information Bypass Vulnerability in Firefox (CVE-2025-0245) [3]

A moderate-level JavaScript JSON module mismatch when parsing a block in Firefox, Firefox ESR (CVE-2025-0240) [2], [3]

Firefox, Moderate vulnerability in the WebChannel API in Firefox ESR where it does not check the sending party (CVE-2025-0237) [2], [3]

Firefox, Firefox ESR Moderate Alt-Svc ALPN Validation Failure on Redirect in Firefox (CVE-2025-0239) [2], [3]

Moderate Memory Security Validation Error Vulnerability in Firefox, Firefox ESR (CVE-2025-0243) [2], [3]

Moderate Memory Corruption Vulnerability in Firefox, Firefox ESR (CVE-2025-0241) [2], [3]

High Level Memory Security Verification Error Vulnerability in Firefox, Firefox ESR (CVE-2025-0242) [1], [2], [3]

Moderate Memory Release and Reuse (UAF) Vulnerability in the text function in Firefox, Firefox ESR (CVE-2025-0238) [1], [2], [3]

 

Vulnerability Patches

 

The following Vulnerability Patches were made available in the 01/07/2025 update. For more information on Vulnerability Patches, please refer to the “Mozilla” Referenced Sites documentation.

Firefox ESR 115.19 version

Firefox ESR 128.6

Firefox version 134

 

Referenced Sites

 

[1] Security Vulnerabilities fixed in Firefox ESR 115.19

https://www.mozilla.org/en-US/security/advisories/mfsa2025-03/

[2] Security Vulnerabilities fixed in Firefox ESR 128.6

https://www.mozilla.org/en-US/security/advisories/mfsa2025-02/

[3] Security Vulnerabilities fixed in Firefox 134

https://www.mozilla.org/en-US/security/advisories/mfsa2025-01/

[4] Update Firefox to the latest release

https://support.mozilla.org/ko/kb/update-firefox-latest-release

Tags:

Previous Post

Next Post