Mozilla Products October 2025 1st Security Update Advisory

Overview

 

An update has been made available to fix vulnerabilities in the Mozilla family of products (Thunderbird, Thunderbird, Firefox ESR, Firefox ESR, Firefox versions). Users of affected products are advised to update to the latest version.

 

Affected Products

 

Firefox 144 and earlier

Firefox ESR 115.29 and earlier

Firefox ESR 140.4 and earlier

Thunderbird before 140.4

Thunderbird 144 and earlier

 

Resolved Vulnerabilities

 

Moderate unhidden password edit screen vulnerability in the Android card view feature in Firefox (CVE-2025-11717) [5]

Moderate spoofing vulnerability in the visibilitychange function in Firefox (CVE-2025-11718) [5]

High-level out-of-bounds read vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-11709) [1], [2], [3], [4], [5]

High-level Memory Security Verification Error Vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-11714) [1], [2], [3], [4], [5]

High-level vulnerability in Firefox, Firefox ESR, and Thunderbird where certain non-writable object properties could be modified (CVE-2025-11711) [1], [2], [3], [4], [5]

High-level information disclosure vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-11710) [1], [2], [3], [4], [5]

High-level Memory Free and Reuse (UAF) Vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-11708) [1], [2], [3], [4], [5

Moderate Remote Code Execution Vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-11712) [1], [2], [3], [5]

Moderate potential user-assisted code execution vulnerability in Firefox, Firefox ESR, and Thunderbird (CVE-2025-11713) [1], [2], [3], [5]

High-level memory safety flaw in Firefox, Thunderbird (CVE-2025-11721) [2], [5]

Moderate Memory Free and Reuse (UAF) Vulnerability in Firefox, Thunderbird (CVE-2025-11719) [2], [5]

Moderate sandboxed iframe vulnerability in Firefox and Thunderbird that allows links to be opened (CVE-2025-11716) [2], [5]

 

Vulnerability Patches

 

The following Vulnerability Patches were made available in the October 14, 2025 update. For more information on Vulnerability Patches, please refer to the “Mozilla” Referenced Sites documentation.

Thunderbird version 140.4

Thunderbird version 144

Firefox ESR 140.4

Firefox ESR 115.29

Firefox version 144

 

Referenced Sites

 

[1] Security Vulnerabilities fixed in Thunderbird 140.4

https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/

[2] Security Vulnerabilities fixed in Thunderbird 144

https://www.mozilla.org/en-US/security/advisories/mfsa2025-84/

[3] Security Vulnerabilities fixed in Firefox ESR 140.4

https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/

[4] Security Vulnerabilities fixed in Firefox ESR 115.29

https://www.mozilla.org/en-US/security/advisories/mfsa2025-82/

[5] Security Vulnerabilities fixed in Firefox 144

https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/

[6] Update Firefox to the latest release

https://support.mozilla.org/ko/kb/update-firefox-latest-release