Mozilla Products June 2025 1st Security Update Advisory
Overview
An update has been made available to fix vulnerabilities in the Mozilla family of products (Firefox and Firefox ESR). Users of affected products are advised to update to the latest version.
Affected Products
Firefox 140 and earlier
Firefox ESR 115.25 and earlier
Firefox ESR 128.12 and earlier
Resolved Vulnerabilities
High-severity memory safety vulnerability in Firefox (CVE-2025-6436) [3]
Moderate-severity vulnerability in Firefox where, when a URL is provided in a link querystring parameter, Firefox for Android follows that URL instead of the correct URL (CVE-2025-6428) [3]
Moderate-severity critical information bypass vulnerability in Firefox (CVE-2025-6427) [3]
Moderate-severity URL misparsing vulnerability in Firefox and Firefox ESR that could lead to the inclusion of youtube.com (CVE-2025-6429) [1], [3]
Moderate-severity vulnerability in Firefox and Firefox ESR where no warning is displayed when opening an executable terminal file on macOS (CVE-2025-6426) [1], [3]
Moderate-severity vulnerability in Firefox and Firefox ESR where the Content-Disposition header is ignored when a file is included (CVE-2025-6430) [1], [3]
Vulnerability in the WebCompat WebExtension shipped with Firefox and Firefox ESR that allows persistent UUID disclosure (CVE-2025-6425) [1], [2], [3]
High-severity use-after-free (UAF) vulnerability in the FontFaceSet function in Firefox and Firefox ESR (CVE-2025-6424) [1], [2], [3]
Vulnerability Patches
The following patched versions were made available in the June 24, 2025 update. For more information on the patches, see the Mozilla advisories listed under Referenced Sites.
Firefox ESR 128.12
Firefox ESR 115.25
Firefox 140
Referenced Sites
[1] Security Vulnerabilities fixed in Firefox ESR 128.12
https://www.mozilla.org/en-US/security/advisories/mfsa2025-53/
[2] Security Vulnerabilities fixed in Firefox ESR 115.25
https://www.mozilla.org/en-US/security/advisories/mfsa2025-52/
[3] Security Vulnerabilities fixed in Firefox 140
https://www.mozilla.org/en-US/security/advisories/mfsa2025-51/
[4] Update Firefox to the latest release
https://support.mozilla.org/ko/kb/update-firefox-latest-release