Firefox: Mozilla closes security gaps from Pwn2Own hacker competition
Various versions of the Firefox web browser are vulnerable. The discoverers of the vulnerabilities received a 100,000 US dollar reward.
(Image: Tero Vesalainen/Shutterstock.com)
- Dennis Schirrmacher
Attackers can use two security vulnerabilities in Firefox, Firefox for Android and Firefox ESR to attack PCs. Secured versions have now been released. There are currently no indications that attackers are already exploiting the vulnerabilities.
Install security updates
Mozilla classifies the two vulnerabilities (CVE-2025-4981, CVE-2025-4919) as “critical”. In both cases, memory errors occur in the context of JavaScript. In such a state, malicious code usually gets onto systems and compromises them.
Videos by heise
The following versions are protected against this:
- Firefox 138.0.4
- Firefox Android 138.0.4
- Firefox ESR 115.23.1
- Firefox ESR 128.10.1
The vulnerabilities were discovered by security researchers during the Pwn2Own hacking competition. The event took place for the first time in Germany this year in Berlin. The organizers from Trend Micro awarded a total of over one million US dollars in prize money.
(des)
