If you’re a regular Mozilla Firefox user, you should be aware of a new security advisory. The Indian Computer Emergency Response Team (CERT-In), which reports to the Ministry of Electronics and Information Technology (MeitY), has issued a high-level security advisory warning users about multiple vulnerabilities in Mozilla’s Firefox and Firefox ESR (Extended Support Release) browsers.
If exploited, these flaws could allow attackers to gain unauthorised access to your sensitive data, execute arbitrary code, circumvent security features, and escalate privileges on vulnerable systems. Here are the details on who is at risk and which versions are affected.
The advisory, listed under vulnerability note CIVN-2025-0138, affects the following software versions: Mozilla Firefox versions prior to 140, Firefox ESR versions prior to 115.25, and Firefox ESR versions prior to 128.12.
Every individual and organisation using Mozilla Firefox or its ESR variants is at risk and is advised to take immediate action. The vulnerabilities pose a significant threat, particularly for enterprise environments that operate at large scale and have access to large volumes of data.
According to CERT-In, the vulnerabilities stem from memory corruption and improper handling of specific web requests. A remote attacker could exploit these flaws by tricking a user into visiting a maliciously crafted website. Once triggered, the exploit may allow unauthorised access to sensitive data, system compromise via arbitrary code execution, security bypass, and privilege escalation.
CERT-In strongly advises users and system administrators to install the latest security patches released by Mozilla. To address the vulnerabilities, Mozilla has issued security advisories and released software updates. Mozilla’s official security portal also provides detailed instructions and version updates.
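For administrators who need to find unpatched installs, the following added example (not part of the advisory or of Mozilla's tooling) checks version strings in the form printed by `firefox --version` against the thresholds listed above. The host names and inventory are constructed sample data, and the rule for ESR builds on a branch the advisory does not name is an assumption.

```python
import re

# Fixed-version thresholds as stated in the advisory text (CIVN-2025-0138).
FIXED_RELEASE = (140, 0, 0)
FIXED_ESR = {115: (115, 25, 0), 128: (128, 12, 0)}  # ESR branch -> first fixed version

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(esr)?", re.IGNORECASE)

def parse_version(text):
    """Return ((major, minor, patch), is_esr) from e.g. 'Mozilla Firefox 128.11.0esr'."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in match.group(1).split(".")][:3]
    parts += [0] * (3 - len(parts))  # pad '140' to (140, 0, 0) so comparison is exact
    return tuple(parts), match.group(2) is not None

def is_affected(text):
    """True if the version string falls below the advisory's fixed versions."""
    version, is_esr = parse_version(text)
    if not is_esr:
        return version < FIXED_RELEASE
    # Assumption: an ESR build is judged against the nearest listed branch
    # at or above its major version (so ESR 102.x counts as "prior to 115.25").
    for branch in sorted(FIXED_ESR):
        if version[0] <= branch:
            return version < FIXED_ESR[branch]
    return False  # ESR branch newer than any the advisory lists

def audit(inventory):
    """Split (host, version_string) pairs into affected hosts and unparseable ones."""
    report = {"affected": [], "unparsed": []}
    for host, version_string in inventory:
        try:
            if is_affected(version_string):
                report["affected"].append(host)
        except ValueError:
            report["unparsed"].append(host)  # needs a manual check, not a silent pass
    return report

# Constructed sample inventory (host names are hypothetical).
SAMPLE_INVENTORY = [
    ("ws-01", "Mozilla Firefox 139.0.4"),
    ("ws-02", "Mozilla Firefox 140.0"),
    ("ws-03", "Mozilla Firefox 128.11.0esr"),
    ("ws-04", "Mozilla Firefox 128.12.0esr"),
    ("ws-05", "Mozilla Firefox 115.24.0esr"),
    ("ws-06", "Mozilla Firefox 115.25.0esr"),
    ("ws-07", ""),
]
```

Hosts that land in `unparsed` should be checked by hand rather than assumed patched.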