Mozilla Products July 2025 First Round Security Update Advisory
Overview
An update has been made available to address a vulnerability in the Mozilla family of products (Thunderbird, Firefox for iOS, Firefox ESR, Firefox versions). Users of affected products are advised to update to the latest version.
Affected Products
Firefox 141 and earlier
Firefox ESR 115.26 and earlier
Firefox ESR 128.13 and earlier
Firefox ESR 140.1 and earlier
Firefox for iOS 141 and earlier
Thunderbird 128.13 and earlier
Thunderbird 140.1 and earlier
Thunderbird 141 and earlier
Resolved Vulnerabilities
High level memory security verification error vulnerability in Firefox ESR, Thunderbird (CVE-2025-8034) [1], [2], [5], [6], [7]
A moderate vulnerability in Firefox for iOS exists where scanning a malicious URL with a QR code scanner using Firefox’s open text method could result in arbitrary website loading (CVE-2025-54145) [4]
Moderate internal Firefox open text URL scheme vulnerability in Firefox for iOS that could allow arbitrary URL loading (CVE-2025-54144) [4]
Moderate vulnerability in Firefox for iOS that allows arbitrary file downloads (CVE-2025-54143) [4]
Moderate Arbitrary File Downloadable Vulnerability in Firefox (CVE-2025-8042) [8]
Moderate Malformed URL Truncation Vulnerability in Firefox (CVE-2025-8041) [8]
High-level JavaScript engine wrote only a portion of the return value to the stack in Firefox, Firefox ESR, and Thunderbird (CVE-2025-8027) [1], [2], [3], [5], [6], [7], [8]
Large high-level branching tables in Firefox, Firefox ESR, and Thunderbird could lead to command truncation (CVE-2025-8028) [1], [2], [3], [5], [6], [7], [8]
Moderate JavaScript vulnerability in Firefox, Firefox ESR, and Thunderbird: URLs executed from objects and embed tags (CVE-2025-8029) [1], [2], [3], [5], [6], [7], [8]
Moderate potential user-assisted code execution vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-8030) [1], [2], [3], [5], [6], [8]
Moderate Key Information Bypass Vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-8032) [1], [2], [3], [5], [6], [8]
Moderate malformed URL removal vulnerability in the CSP reports feature in Firefox, Firefox ESR, and Thunderbird (CVE-2025-8031) [1], [2], [3], [5], [6], [8]
Moderate DNS Rebinding Bypasses CORS in Firefox, Firefox ESR, and Thunderbird (CVE-2025-8036) [1], [3], [5], [8]
Moderate Nameless Cookies Hide Secure Cookies in Firefox, Firefox ESR, and Thunderbird (CVE-2025-8037) [1], [3], [5], [8]
High-level memory security validation error vulnerability in Firefox and Thunderbird (CVE-2025-8044) [3], [8]
Moderate malformed URL truncation vulnerability in Thunderbird (CVE-2025-8043) [3]
Vulnerability Patches
The following Vulnerability Patches were made available in the July 22, 2025 update. For more information on Vulnerability Patches, please refer to the “Mozilla” Referenced Sites documentation.
Thunderbird version 140.1
Thunderbird version 128.13
Thunderbird version 141
Firefox for iOS version 141
Firefox ESR version 140.1
Firefox ESR 128.13 version
Firefox ESR 115.26
Firefox version 141
Referenced Sites
[1] Security Vulnerabilities fixed in Thunderbird 140.1
https://www.mozilla.org/en-US/security/advisories/mfsa2025-63/
[2] Security Vulnerabilities fixed in Thunderbird 128.13
https://www.mozilla.org/en-US/security/advisories/mfsa2025-62/
[3] Security Vulnerabilities fixed in Thunderbird 141
https://www.mozilla.org/en-US/security/advisories/mfsa2025-61/
[4] Security Vulnerabilities fixed in Firefox for iOS 141
https://www.mozilla.org/en-US/security/advisories/mfsa2025-60/
[5] Security Vulnerabilities fixed in Firefox ESR 140.1
https://www.mozilla.org/en-US/security/advisories/mfsa2025-59/
[6] Security Vulnerabilities fixed in Firefox ESR 128.13
https://www.mozilla.org/en-US/security/advisories/mfsa2025-58/
[7] Security Vulnerabilities fixed in Firefox ESR 115.26
https://www.mozilla.org/en-US/security/advisories/mfsa2025-57/
[8] Security Vulnerabilities fixed in Firefox 141
https://www.mozilla.org/en-US/security/advisories/mfsa2025-56/
[9] Update Firefox to the latest release
https://support.mozilla.org/ko/kb/update-firefox-latest-release