Remote Code Execution Vulnerability in Firefox by Mozilla
CVE-2025-10527

7.1HIGH

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr; Thunderbird
Vendor: CVE Published:; 16 September 2025

What is CVE-2025-10527?

This vulnerability in Firefox enables remote code execution, posing significant security risks for users running versions prior to 143 and Firefox ESR versions below 140.3. Exploitation may lead to unauthorized access and control over affected systems, necessitating immediate updates to secure environments. Users are advised to upgrade their browsers to the latest versions to mitigate potential threats.

Affected Version(s)

Firefox < 143

Firefox ESR < 140.3

Thunderbird < 143

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1984825

https://www.mozilla.org/security/advisories/mfsa2025-73/

https://www.mozilla.org/security/advisories/mfsa2025-75/

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Sep 16, 2025

Credit

Oskar L