Mozilla Products April 2025 1st Security Update Advisory
Overview
An update has been made available to fix vulnerabilities in the Mozilla family of products (Thunderbird, Firefox ESR, Firefox). Users of affected products are advised to update to the latest version.
Affected Products
Firefox 137 and earlier
Firefox ESR 115.22 and earlier
Firefox ESR 128.9 and earlier
Thunderbird 128.9 and earlier
Thunderbird 137 and earlier
Resolved Vulnerabilities
Moderate tab title disclosure vulnerability in the AI chatbot feature in Firefox (CVE-2025-3035) [5]
High-severity use-after-free (UAF) vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-3028) [1], [2], [3], [4], [5]
High-severity memory safety vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-3030) [1], [2], [3], [4], [5]
Moderate Spoofing Vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-3029) [1], [2], [3], [5]
Moderate vulnerability in Firefox, Thunderbird via a JIT optimization bug with varying stack slot sizes (CVE-2025-3031) [2], [5]
Moderate file descriptor leak in a forked server in Firefox, Thunderbird (CVE-2025-3032) [2], [5]
Vulnerability Patches
The following patched versions were made available in the April 1, 2025 update. For details on each patch, refer to the Mozilla advisories listed under Referenced Sites.
Thunderbird version 128.9
Thunderbird version 137
Firefox ESR 128.9
Firefox ESR 115.22
Firefox version 137
Referenced Sites
[1] Security Vulnerabilities fixed in Thunderbird ESR 128.9
https://www.mozilla.org/en-US/security/advisories/mfsa2025-24/
[2] Security Vulnerabilities fixed in Thunderbird 137
https://www.mozilla.org/en-US/security/advisories/mfsa2025-23/
[3] Security Vulnerabilities fixed in Firefox ESR 128.9
https://www.mozilla.org/en-US/security/advisories/mfsa2025-22/
[4] Security Vulnerabilities fixed in Firefox ESR 115.22
https://www.mozilla.org/en-US/security/advisories/mfsa2025-21/
[5] Security Vulnerabilities fixed in Firefox 137
https://www.mozilla.org/en-US/security/advisories/mfsa2025-20/
[6] Update Firefox to the latest release
https://support.mozilla.org/ko/kb/update-firefox-latest-release