Use-After-Free Vulnerability in Firefox Affects Mozilla Products
CVE-2025-6424

Currently unrated

Key Information:

Vendor: Mozilla
Status: Firefox; Firefox Esr
Vendor: CVE Published:; 24 June 2025

What is CVE-2025-6424?

A use-after-free vulnerability has been identified in the FontFaceSet component of the Firefox web browser, which may result in a crash that could potentially be exploited. This flaw affects multiple versions of Firefox, including those before version 140, as well as certain extended support releases. Users of the affected versions should be aware of the potential risks and update to patched releases to ensure their security.

Affected Version(s)

Firefox < 140

Firefox ESR < 115.25

Firefox ESR < 128.12

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1966423

https://www.mozilla.org/security/advisories/mfsa2025-51/

https://www.mozilla.org/security/advisories/mfsa2025-52/

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
Jun 20, 2025

Credit

LJP and HexRabbit (DEVCORE Research Team)