Mozilla Products August 2025 1st Security Update Advisory

Overview

 

An update has been made available to fix vulnerabilities in the Mozilla family of products (Thunderbird, Focus for iOS, Firefox for iOS, Firefox ESR, Firefox versions). Users of affected products are advised to update to the latest version.

 

Affected Products

 

Firefox 142 and earlier

Firefox ESR 115.27 and earlier

Firefox ESR 128.14 and earlier

Firefox ESR 140.2 and earlier

Firefox for iOS 142 and earlier

Focus for iOS 142 and earlier

Thunderbird 128.14 and earlier

Thunderbird 140.2 and earlier

Thunderbird 142 and earlier

 

Resolved Vulnerabilities

 

High-level Memory Security Verification Error Vulnerability in Firefox ESR, Thunderbird (CVE-2025-9185) [2], [7], [8]

High-level memory security validation error vulnerability in Firefox ESR, Thunderbird (CVE-2025-9184) [1], [6]

High-level Content-Disposition header incorrectly ignored for some MIME types in Firefox for iOS (CVE-2025-55030) [5]

Moderate denial of service vulnerability in Firefox for iOS (CVE-2025-55028) [5]

Moderate Bluetooth range vulnerability in Firefox for iOS and Focus for iOS that allows Passkey phishing (CVE-2025-55031) [4], [5]

High-level malformed pointer vulnerability in Firefox, Firefox ESR, and Thunderbird that allows sandbox escape (CVE-2025-9179) [1], [2], [3], [6], [7], [8], [9]

High-level policy bypass vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-9180) [1], [2], [3], [6], [7], [8], [9]

Moderate Uninitialized Memory Vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-9181) [1], [2], [3], [6], [7], [8], [9]

High-level memory security validation error vulnerability in Firefox and Thunderbird (CVE-2025-9187) [3], [9]

High-level vulnerability in Focus for iOS where Focus incorrectly ignores the Content-Disposition header for some MIME types (CVE-2025-55032) [4]

Moderate vulnerability in drag and drop gestures in Focus for iOS (CVE-2025-55033) [4] [4

 

Vulnerability Patches

 

The following Vulnerability Patches were made available in the August 19, 2025 update. For more information on Vulnerability Patches, please refer to the “Mozilla” Referenced Sites documentation.

Thunderbird version 140.2

Thunderbird version 128.14

Thunderbird version 142

Focus for iOS 142 version

Firefox for iOS 142 version

Firefox ESR version 140.2

Firefox ESR version 128.14

Firefox ESR 115.27 版本

Firefox version 142

 

Referenced Sites

 

[1] Security Vulnerabilities fixed in Thunderbird 140.2

https://www.mozilla.org/en-US/security/advisories/mfsa2025-72/

[2] Security Vulnerabilities fixed in Thunderbird 128.14

https://www.mozilla.org/en-US/security/advisories/mfsa2025-71/

[3] Security Vulnerabilities fixed in Thunderbird 142

https://www.mozilla.org/en-US/security/advisories/mfsa2025-70/

[4] Security Vulnerabilities fixed in Focus for iOS 142

https://www.mozilla.org/en-US/security/advisories/mfsa2025-69/

[5] Security Vulnerabilities fixed in Firefox for iOS 142

https://www.mozilla.org/en-US/security/advisories/mfsa2025-68/

[6] Security Vulnerabilities fixed in Firefox ESR 140.2

https://www.mozilla.org/en-US/security/advisories/mfsa2025-67/

[7] Security Vulnerabilities fixed in Firefox ESR 128.14

https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/

[8] Security Vulnerabilities fixed in Firefox ESR 115.27

https://www.mozilla.org/en-US/security/advisories/mfsa2025-65/

[9] Security Vulnerabilities fixed in Firefox 142

https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/

[10] Update Firefox to the latest release

https://support.mozilla.org/ko/kb/update-firefox-latest-release