The security advisory, announced on August 19, 2025 for the Firefox 142 release, addresses vulnerabilities ranging from memory corruption issues to same-origin policy bypasses that could compromise user data and system security.
The most severe vulnerability, CVE-2025-9179, represents a significant security concern involving a sandbox escape through an invalid pointer in the Audio/Video GMP (Gecko Media Plugin) component.
This high-impact flaw, discovered by researcher Oskar, enables attackers to perform memory corruption in the GMP process that handles encrypted media content.
The GMP process runs in a heavy sandbox, but its privileges differ from those of an ordinary content process, which is why Mozilla classes the bug as a sandbox escape rather than as a routine content-process memory-corruption issue: an attacker who already controls web content and can corrupt memory in the GMP process gains capabilities the content sandbox would otherwise withhold.
Equally alarming is CVE-2025-9180, a same-origin policy bypass affecting the Graphics Canvas2D component.
Reported by security researcher Tom Van Goethem, this vulnerability undermines one of the web’s fundamental security mechanisms designed to prevent malicious websites from accessing data from other domains.
For Canvas2D, the relevant same-origin rule is the canvas "origin-clean" check: once a canvas has drawn cross-origin content that was not approved through CORS, readback APIs such as getImageData() and toDataURL() must refuse with a SecurityError. A bypass of that rule lets a malicious page read pixels, and whatever was rendered into them, that belong to another origin, which is why such bugs are treated as high severity for web application security.
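To make the rule concrete, the following is an added example and not code from Mozilla or from the article: a small model of the canvas origin-clean flag and the CORS opt-in that keeps it set. Browsers maintain this flag on the canvas bitmap; a Canvas2D same-origin bypass is any path that returns cross-origin pixels without the flag ever having been cleared. The class names, the `loadImage` helper, and the sample URLs are illustrative and are not Gecko internals.

```javascript
// Added example: a model of the HTML canvas "origin-clean" rule that the
// same-origin policy enforces for Canvas2D readback. Names and URLs here
// are illustrative, not Firefox internals.

// The tuple the same-origin policy compares: scheme, host and port.
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`; // u.host keeps a non-default port
}

// Model of an image fetch. `crossOrigin` mirrors <img crossorigin="anonymous">:
// the fetch becomes a CORS request, and the server must answer with an
// Access-Control-Allow-Origin (acao) header covering the requesting document.
function loadImage(documentUrl, imageUrl, pixels, { crossOrigin = false, acao = null } = {}) {
  const requester = originOf(documentUrl);
  const corsApproved = crossOrigin && (acao === '*' || acao === requester);
  if (crossOrigin && !corsApproved) {
    // A CORS request without a matching ACAO header fails to load at all.
    return { ok: false, url: imageUrl, pixels: [], corsApproved: false };
  }
  return { ok: true, url: imageUrl, pixels, corsApproved };
}

class SecurityError extends Error {
  constructor(msg) { super(msg); this.name = 'SecurityError'; }
}

class Canvas2D {
  constructor(documentUrl) {
    this.documentOrigin = originOf(documentUrl);
    this.originClean = true; // the flag the readback check consults
    this.pixels = [];
  }

  // Drawing a cross-origin image clears origin-clean unless the image was
  // fetched with CORS and approved. The flag never flips back to true.
  drawImage(img) {
    if (!img.ok) throw new Error('InvalidStateError: image failed to load');
    const crossOrigin = originOf(img.url) !== this.documentOrigin;
    if (crossOrigin && !img.corsApproved) this.originClean = false;
    this.pixels.push(...img.pixels);
  }

  // Readback is only permitted while the bitmap is origin-clean.
  getImageData() {
    if (!this.originClean) throw new SecurityError('The operation is insecure.');
    return this.pixels.slice();
  }
}

// Returns whether a page at `documentUrl` can read pixels back after drawing
// the given images in order.
function pixelsReadable(documentUrl, images) {
  const c = new Canvas2D(documentUrl);
  for (const img of images) c.drawImage(img);
  try {
    c.getImageData();
    return true;
  } catch (e) {
    if (e instanceof SecurityError) return false;
    throw e;
  }
}

// Constructed sample scenarios; no network is involved.
const PAGE = 'https://app.example/page';
const sameOriginImg = loadImage(PAGE, 'https://app.example/logo.png', [1, 2, 3]);
const crossOriginImg = loadImage(PAGE, 'https://bank.example/statement.png', [9, 9, 9]);
const corsImg = loadImage(PAGE, 'https://cdn.example/icon.png', [4, 5, 6],
  { crossOrigin: true, acao: '*' });
const corsDeniedImg = loadImage(PAGE, 'https://bank.example/statement.png', [9, 9, 9],
  { crossOrigin: true, acao: 'https://other.example' });

const RESULTS = {
  sameOrigin: pixelsReadable(PAGE, [sameOriginImg]),                   // true
  crossOriginNoCors: pixelsReadable(PAGE, [crossOriginImg]),           // false: tainted
  crossOriginCors: pixelsReadable(PAGE, [corsImg]),                    // true
  taintIsSticky: pixelsReadable(PAGE, [crossOriginImg, sameOriginImg]), // false
  corsDeniedLoads: corsDeniedImg.ok,                                   // false
};
```

The `taintIsSticky` case is the one to remember when reviewing canvas code: drawing same-origin content after a cross-origin draw does not restore readback, so any code path in an engine that recomputes or skips the flag on a later draw is exactly where a bypass would live.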
The update also addresses CVE-2025-9181, involving uninitialized memory in the JavaScript Engine component.
Discovered by Irvan Kurniawan, this moderate-impact vulnerability could lead to information disclosure or unexpected behavior in JavaScript execution environments.
Multiple memory safety vulnerabilities receive particular attention in this release.
CVE-2025-9187 encompasses memory safety bugs present in Firefox 141 and Thunderbird 141; some of them showed evidence of memory corruption, and Mozilla presumes that with enough effort some could have been exploited to run arbitrary code.
Similarly, CVE-2025-9184 and CVE-2025-9185 address memory safety issues across various Firefox ESR and Thunderbird versions, affecting extended support releases dating back to Firefox ESR 115.26.
The security update also resolves several lower-impact but notable issues, including address bar spoofing vulnerabilities in both desktop Firefox and Firefox Focus for Android.
CVE-2025-9182 addresses a denial-of-service condition in the Graphics WebRender component that could cause browser crashes through memory exhaustion.
Security experts strongly recommend that Firefox users update to version 142 immediately to protect against these vulnerabilities.
Memory corruption in a sandboxed process and a same-origin policy bypass are complementary primitives: the former is a stepping stone in an exploit chain toward code execution outside the sandbox, while the latter yields cross-origin data without running any native code at all, so both warrant immediate attention whichever route an attacker prefers.
Enterprise users should prioritize testing and deployment of this security update across their organizations; organizations on the extended support channel need the matching ESR release rather than mainline Firefox 142, since the memory safety fixes were issued for the ESR branches as well.
Mozilla’s security team, along with external researchers and the Mozilla Fuzzing Team, contributed to identifying and resolving these vulnerabilities, demonstrating the importance of collaborative security research in maintaining browser safety.
The post Mozilla Patches High-Severity Flaws Allowing Remote Code Execution appeared first on Cyber Security News.