On November 11, 2025, Mozilla released Firefox 145 to patch critical vulnerabilities, particularly affecting graphics, JavaScript, and DOM components. This update addresses 15 CVEs, highlighting eight with high severity, including CVE-2025-13027, which potentially allows arbitrary code execution due to memory safety issues. Users are urged to upgrade immediately to mitigate risks as determined attackers may exploit these flaws for unauthorized access.
The most concerning vulnerabilities include issues related to WebGPU, where incorrect boundary conditions can lead to sandbox escapes and code injection vulnerabilities. Other significant findings involve boundary errors in WebAssembly and race conditions in the Graphics component. While Mozilla confirms no in-the-wild exploitation of these vulnerabilities, the potential impact on users remains high, especially for those using unpatched versions who face risks from drive-by downloads or phishing. The advisory also mentions that Thunderbird 145 shares similar memory issues, emphasizing a need for proactive updates.
👉 Pročitaj original: Cyber Security News
