Mozilla News Articles
Recent news articles referencing the vendor's vulnerabilities.
Firefox 140 Released With Fix for Code Execution Vulnerability - Update Now
Mozilla has released Firefox 140, addressing multiple critical security vulnerabilities, including a high-impact use-after-free vulnerability that could lead to code execution.
5 days ago
Mozilla Quickly Fixes Firefox Vulnerabilities from Pwn2Own 2025 with Urgent Patches
The vulnerabilities—CVE-2025-4918 and CVE-2025-4919—were both found in Firefox’s JavaScript engine and allowed out-of-bounds memory access

Critical Firefox 0-Day Flaws Allow Remote Code Execution
Mozilla has urgently patched two critical 0-day vulnerabilities in its popular web browser Firefox, both of which could allow remote attackers.
Firefox 0-day Vulnerabilities Let Attackers Execute Malicious Code
Mozilla has released an emergency security update to address two critical vulnerabilities in Firefox that could allow attackers.
Firefox patches flaw similar to exploited Chrome zero-day
The sandbox escape flaw affected Firefox and Chrome browsers on Windows machines.
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) - Help Net Security
There's currently no indication that the Firefox sandbox escape vulnerability (CVE-2025-2857) is under active exploitation.
Mozilla fixed critical Firefox vulnerability CVE-2025-2857
Mozilla addressed a critical vulnerability, tracked as CVE-2025-2857, impacting its Firefox browser for Windows.

Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability
Mozilla patched CVE-2025-2857 in Firefox after Chrome’s exploited zero-day revealed similar IPC flaws.

New Windows Cyber Attack Warning As 0-Click Russian Backdoor Confirmed
Security researchers have confirmed how a 9.8 severity vulnerability was used in a zero-click cyber attack chain by Russian hackers against Windows users.
Russian RomCom APT Group Leverages Zero-Day Flaws in Firefox, Windows
Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks
'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor
The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.
RomCom exploits Firefox and Windows zero days in the wild
ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit.
RomCom hackers chained Firefox and Windows zero-days to deliver backdoor - Help Net Security
Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680 and CVE-2024-49039 as zero-days earlier this year.
Government issues important warning for Mozilla Firefox browser - Times of India
TECH NEWS: Update Mozilla products immediately to protect against CVE-2024-5690 and other identified vulnerabilities. Stay secure and prevent potential remote at

Vulnerabilities - The Shaco: Your Source for Infosec, Bug Bounties, and Tech News.
Explore The Shaco for cutting-edge insights into cybersecurity, ethical hacking, and infosec. Stay updated on bug bounties, technology news, and pro hacking tips to secure the digital world. Join a community dedicated to ethical hacking and advanced security practices.
Mozilla fixes critical Firefox bug exploited in the wild
Mozilla has patched a serious security flaw in its Firefox web browser that the company said is being exploited by hackers.
Tor Browser Update Patches Exploited Firefox Zero-Day
Tor browser version 13.5.7 is rolling out with patches for an exploited zero-day vulnerability recently addressed in Firefox.
Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) - Help Net Security
Mozilla released an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) exploited in the wild.
Mozilla releases patches for actively exploited Firefox bug
It's patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser. Mozilla said CVE-2024-9680 is a use-after-free issue in Animation timelines –...

Firefox Zero-Day Under Attack: Update Your Browser Immediately
Mozilla urges users to update Firefox after critical CVE-2024-9680 vulnerability is actively exploited.
Firefox 131 Update Patches Exploited Zero-Day Vulnerability
Mozilla has released a Firefox 131 update to resolve CVE-2024-9680, a code execution vulnerability exploited in the wild as a zero-day.
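Weakness in the Firefox component used to access PDF files could be used to execute arbitrary JavaScript code
Last week, researchers explained the PDF.js vulnerability CVE-2024-4367, which the Mozilla Foundation patched in Firefox 126, and pointed out that the flaw is related to font handling and gives attackers an opportunity to execute arbitrary JavaScript code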

PoC Released for JavaScript execution Vulnerability in PDF.js
A vulnerability identified as CVE-2024-4367 was discovered in PDF.js, a widely used JavaScript-based PDF viewer maintained by Mozilla.

⚠️⚠️CVE-2024-4367 – Arbitrary JavaScript execution in PDF.js affects Firefox < 126, PDF.js < 4.2.67. ⚠️⚠️
https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/ > Because some higher level PDF-related libraries statically embed PDF.js, we recommend recursively checking your node_modules ...
Your favorite PDF.js reader can execute malicious code!
A vulnerability in Mozilla's PDF.js allows malicious JavaScript to be executed from a booby-trapped PDF. It affects Firefox and applications that use this library. A security update to version 4.2.67 is recommended.
CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js — Codean Labs
A vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (
Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024
Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024.
2 Firefox Zero-Days Exploited At Pwn2Own : Patch Now
Mozilla addresses two zero-day vulnerabilities that were recently exploited at the Pwn2Own Vancouver 2024 hacking contest in the Firefox
Mozilla Fixes 2 Critical Firefox Vulnerabilities Exploited at Pwn2Own - Lansweeper
Mozilla has fixed 2 critical code execution vulnerabilities in Firefox and Firefox ESR. Get the report to locate vulnerable installs now.
Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own
Firefox browser updates address two zero-day vulnerabilities, CVE-2024-29943 and CVE-2024-29944, exploited at the Pwn2Own hacking contest.
Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

CVE-2024-29943 Archives
Vulnerability. March 22, 2024. Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024. Mozilla has issued emergency security updates to fix two critical “zero-day” vulnerabilities in the Firefox...

Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024
The vulnerabilities in question, CVE-2024-29944, and CVE-2024-29943, were expertly exploited by researcher Manfred Paul (@_manfp)
Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own
Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition.