Mozilla News Articles

Mozilla Quickly Fixes Firefox Vulnerabilities from Pwn2Own 2025 with Urgent Patches

The vulnerabilities—CVE-2025-4918 and CVE-2025-4919—were both found in Firefox’s JavaScript engine and allowed out-of-bounds memory access

2 weeks ago

Critical Firefox 0-Day Flaws Allow Remote Code Execution

Mozilla has urgently patched two critical 0-day vulnerabilities in its popular web browser Firefox, both of which could allow remote attackers.

3 weeks ago

Firefox 0-day Vulnerabilities Let Attackers Execute Malicious Code

Mozilla has released an emergency security update to address two critical vulnerabilities in Firefox that could allow attackers.

3 weeks ago

Firefox patches flaw similar to exploited Chrome zero-day

The sandbox escape flaw affected Firefox and Chrome browsers on Windows machines.

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) - Help Net Security

There's currently no indication that the Firefox sandbox escape vulnerability (CVE-2025-2857) is under active exploitation.

Mozilla fixed critical Firefox vulnerability CVE-2025-2857

Mozilla addressed a critical vulnerability, tracked as CVE-2025-2857, impacting its Firefox browser for Windows.

Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability

Mozilla patched CVE-2025-2857 in Firefox after Chrome’s exploited zero-day revealed similar IPC flaws.

New Windows Cyber Attack Warning As 0-Click Russian Backdoor Confirmed

Security researchers have confirmed how a 9.8 severity vulnerability was used in a zero-click cyber attack chain by Russian hackers against Windows users.

Russian RomCom APT Group Leverages Zero-Day Flaws in Firefox, Windows

Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks

'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor

The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.

RomCom exploits Firefox and Windows zero days in the wild

ESET Research details the analysis of a previously unknown vulnerability in Mozilla products exploited in the wild and another previously unknown Microsoft Windows vulnerability, combined in a zero-click exploit.

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor - Help Net Security

Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680 and CVE-2024-49039 as zero-days earlier this year.

Government issues important warning for Mozilla Firefox browser - Times of India

TECH NEWS : Update Mozilla products immediately to protect against CVE-2024-5690 and other identified vulnerabilities. Stay secure and prevent potential remote at

Vulnerabilities - The Shaco: Your Source for Infosec, Bug Bounties, and Tech News.

Explore The Shaco for cutting-edge insights into cybersecurity, ethical hacking, and infosec. Stay updated on bug bounties, technology news, and pro hacking tips to secure the digital world. Join a community dedicated to ethical hacking and advanced security practices.

Mozilla fixes critical Firefox bug exploited in the wild

Mozilla has patched a serious security flaw in its Firefox web browser that the company said is being exploited by hackers.

Tor Browser Update Patches Exploited Firefox Zero-Day

Tor browser version 13.5.7 is rolling out with patches for an exploited zero-day vulnerability recently addressed in Firefox.

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) - Help Net Security

Mozilla released an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) exploited in the wild.

Mozilla releases patches for actively exploited Firefox bug

It's patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser. Mozilla said CVE-2024-9680 is a use-after-free issue in Animation timelines –...

Firefox Zero-Day Under Attack: Update Your Browser Immediately

Mozilla urges users to update Firefox after critical CVE-2024-9680 vulnerability is actively exploited.

Firefox 131 Update Patches Exploited Zero-Day Vulnerability

Mozilla has released a Firefox 131 update to resolve CVE-2024-9680, a code execution vulnerability exploited in the wild as a zero-day.

Firefox用於存取PDF檔案的元件存在弱點，有可能被用於執行任意JavaScript程式碼

上週研究人員對於Mozilla基金會在Firefox 126修補的PDF.js漏洞CVE-2024-4367提出說明，並指出這項漏洞與字型處理有關，攻擊者有機會用來執行任意JavaScript程式碼

PoC Released for JavaScript execution Vulnerability in PDF.js

A vulnerability, identified as CVE-2024-4367, PDF.js, was discovered in a widely used JavaScript-based PDF viewer maintained by Mozilla.

⚠️⚠️CVE-2024-4367 – Arbitrary JavaScript execution in PDF.js affects firefox < 126, PDF.js < 4.2.67. ⚠️⚠️

https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/ [https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/] > Because some higher level PDF-related libraries statically embed PDF.js, we recommend recursively checking your node_modules ...

Votre lecteur PDF.js préféré peut exécuter du code malveillant !

Une vulnérabilité dans PDF.js de Mozilla permet d'exécuter du JavaScript malveillant depuis un PDF piégé. Elle affecte Firefox et les applications utilisant cette bibliothèque. Mise à jour de sécurité recommandée vers la version 4.2.67.

CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js — Codean Labs

A vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024.

2 Firefox Zero-Days Exploited At Pwn2Own : Patch Now

Mozilla addresses two zero-day vulnerabilities that were recently exploited at the Pwn2Own Vancouver 2024 hacking contest in the Firefox

Mozilla Fixes 2 Critical Firefox Vulnerabilities Exploited at Pwn2Own - Lansweeper

Mozilla has fixed 2 critical code execution vulnerabilities in Firefox and Firefox ESR. Get the report to locate vulnerable installs now.

Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own

Firefox browser updates address two zero-day vulnerabilities, CVE-2024-29943 and CVE-2024-29944, exploited at the Pwn2Own hacking contest.

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

CVE-2024-29943 Archives

VulnerabilityMarch 22, 2024Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024Mozilla has issued emergency security updates to fix two critical “zero-day” vulnerabilities in the Firefox...

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

Mozilla fixed Firefox zero-days exploited at Pwn2Own Vancouver 2024

Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024

The vulnerabilities in question, CVE-2024-29944, and CVE-2024-29943, were expertly exploited by researcher Manfred Paul (@_manfp)

Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own

Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition.