Security Advisory

Mozilla Products May 2025 Secondary Security Update Advisory

  • May 29 2025
Mozilla Products May 2025 Secondary Security Update Advisory

Overview

 

An update has been made available to fix vulnerabilities in the Mozilla family of products (Thunderbird, Thunderbird, Firefox ESR, Firefox ESR, Firefox versions). Users of affected products are advised to update to the latest version.

 

Affected Products

 

Firefox 139 and earlier

Firefox ESR 115.24 and earlier

Firefox ESR 128.11 and earlier

Thunderbird 128.11 and earlier

Thunderbird 139 and earlier

 

Resolved Vulnerabilities

 

Moderate Memory Safety Bug Vulnerability in Firefox ESR, Thunderbird (CVE-2025-5269) [1], [3]

Moderate error handling for script execution was incorrectly separated from web content in Firefox, Firefox ESR, and Thunderbird (CVE-2025-5263) [1], [2], [3], [4], [5]

Moderate potential local code execution vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-5264) [1], [2], [3], [4], [5]

Moderate Memory Security Validation Error Vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-5268) [1], [2], [3], [4], [5

Moderate remote code execution vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-5266) [1], [2], [3], [5]

Severe Double-free vulnerability in the libvpx encoder function in Thunderbird (CVE-2025-5262) [1], [2]

 

Vulnerability Patches

 

The following Vulnerability Patches were made available in the May 27, 2025 update. For more information on Vulnerability Patches, please refer to the “Mozilla” Referenced Sites documentation.

Thunderbird version 128.11

Thunderbird version 139

Firefox ESR 128.11

Firefox ESR 115.24

Firefox version 139

 

Referenced Sites

 

[1] Security Vulnerabilities fixed in Thunderbird 128.11

https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/

[2] Security Vulnerabilities fixed in Thunderbird 139

https://www.mozilla.org/en-US/security/advisories/mfsa2025-45/

[3] Security Vulnerabilities fixed in Firefox ESR 128.11

https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/

[4] Security Vulnerabilities fixed in Firefox ESR 115.24

https://www.mozilla.org/en-US/security/advisories/mfsa2025-43/

[5] Security Vulnerabilities fixed in Firefox 139

https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/

[6] Update Firefox to the latest release

https://support.mozilla.org/ko/kb/update-firefox-latest-release

Tags:
Previous Post

Next Post