Mozilla News Articles

Firefox 140 Released With Fix for Code Execution Vulnerability - Update Now

Mozilla has released Firefox 140, addressing multiple critical security vulnerabilities, including a high-impact use-after-free vulnerability that could lead to code execution. 

5 days ago

Mozilla Quickly Fixes Firefox Vulnerabilities from Pwn2Own 2025 with Urgent Patches

The vulnerabilities—CVE-2025-4918 and CVE-2025-4919—were both found in Firefox’s JavaScript engine and allowed out-of-bounds memory access

Critical Firefox 0-Day Flaws Allow Remote Code Execution

Mozilla has urgently patched two critical 0-day vulnerabilities in its popular web browser Firefox, both of which could allow remote attackers.

Firefox 0-day Vulnerabilities Let Attackers Execute Malicious Code

Mozilla has released an emergency security update to address two critical vulnerabilities in Firefox that could allow attackers.

Firefox patches flaw similar to exploited Chrome zero-day

The sandbox escape flaw affected Firefox and Chrome browsers on Windows machines.

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) - Help Net Security

There's currently no indication that the Firefox sandbox escape vulnerability (CVE-2025-2857) is under active exploitation.

Mozilla fixed critical Firefox vulnerability CVE-2025-2857

Mozilla addressed a critical vulnerability, tracked as CVE-2025-2857, impacting its Firefox browser for Windows.

Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability

Mozilla patched CVE-2025-2857 in Firefox after Chrome’s exploited zero-day revealed similar IPC flaws.

New Windows Cyber Attack Warning As 0-Click Russian Backdoor Confirmed

Security researchers have confirmed how a 9.8 severity vulnerability was used in a zero-click cyber attack chain by Russian hackers against Windows users.

Russian RomCom APT Group Leverages Zero-Day Flaws in Firefox, Windows

Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks

'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor

The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.

RomCom exploits Firefox and Windows zero days in the wild

ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit.

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor - Help Net Security

Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680 and CVE-2024-49039 as zero-days earlier this year.

Government issues important warning for Mozilla Firefox browser - Times of India

TECH NEWS : Update Mozilla products immediately to protect against CVE-2024-5690 and other identified vulnerabilities. Stay secure and prevent potential remote at

Vulnerabilities - The Shaco: Your Source for Infosec, Bug Bounties, and Tech News.

Explore The Shaco for cutting-edge insights into cybersecurity, ethical hacking, and infosec. Stay updated on bug bounties, technology news, and pro hacking tips to secure the digital world. Join a community dedicated to ethical hacking and advanced security practices.

Mozilla fixes critical Firefox bug exploited in the wild

Mozilla has patched a serious security flaw in its Firefox web browser that the company said is being exploited by hackers.

Tor Browser Update Patches Exploited Firefox Zero-Day

Tor browser version 13.5.7 is rolling out with patches for an exploited zero-day vulnerability recently addressed in Firefox.

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) - Help Net Security

Mozilla released an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) exploited in the wild.

Mozilla releases patches for actively exploited Firefox bug

It's patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser. Mozilla said CVE-2024-9680 is a use-after-free issue in Animation timelines –...

Firefox Zero-Day Under Attack: Update Your Browser Immediately

Mozilla urges users to update Firefox after critical CVE-2024-9680 vulnerability is actively exploited.

Firefox 131 Update Patches Exploited Zero-Day Vulnerability

Mozilla has released a Firefox 131 update to resolve CVE-2024-9680, a code execution vulnerability exploited in the wild as a zero-day.

Firefox用於存取PDF檔案的元件存在弱點，有可能被用於執行任意JavaScript程式碼

上週研究人員對於Mozilla基金會在Firefox 126修補的PDF.js漏洞CVE-2024-4367提出說明，並指出這項漏洞與字型處理有關，攻擊者有機會用來執行任意JavaScript程式碼

PoC Released for JavaScript execution Vulnerability in PDF.js

A vulnerability, identified as CVE-2024-4367, PDF.js, was discovered in a widely used JavaScript-based PDF viewer maintained by Mozilla.

⚠️⚠️CVE-2024-4367 – Arbitrary JavaScript execution in PDF.js affects firefox < 126, PDF.js < 4.2.67. ⚠️⚠️

https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/ [https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/] > Because some higher level PDF-related libraries statically embed PDF.js, we recommend recursively checking your node_modules ...

Votre lecteur PDF.js préféré peut exécuter du code malveillant !

Une vulnérabilité dans PDF.js de Mozilla permet d'exécuter du JavaScript malveillant depuis un PDF piégé. Elle affecte Firefox et les applications utilisant cette bibliothèque. Mise à jour de sécurité recommandée vers la version 4.2.67.

CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js — Codean Labs

A vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024.

2 Firefox Zero-Days Exploited At Pwn2Own : Patch Now

Mozilla addresses two zero-day vulnerabilities that were recently exploited at the Pwn2Own Vancouver 2024 hacking contest in the Firefox

Mozilla Fixes 2 Critical Firefox Vulnerabilities Exploited at Pwn2Own - Lansweeper

Mozilla has fixed 2 critical code execution vulnerabilities in Firefox and Firefox ESR. Get the report to locate vulnerable installs now.

Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own

Firefox browser updates address two zero-day vulnerabilities, CVE-2024-29943 and CVE-2024-29944, exploited at the Pwn2Own hacking contest.

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

CVE-2024-29943 Archives

VulnerabilityMarch 22, 2024Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024Mozilla has issued emergency security updates to fix two critical “zero-day” vulnerabilities in the Firefox...

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024

The vulnerabilities in question, CVE-2024-29944, and CVE-2024-29943, were expertly exploited by researcher Manfred Paul (@_manfp)

Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own

Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition.