Mozilla Firefox users, beware! Govt flags critical security bugs in browser, here’s how to stay safe
CERT-In warns of critical security flaws in Firefox versions prior to 140 and ESR variants.
Vulnerabilities could allow attackers to access data, execute code, and bypass security.
Mozilla has released patches; users should update their browsers without delay.
If you’re a regular Mozilla Firefox user, you should be aware. The Indian Computer Emergency Response Team (CERT-In), which reports to the Ministry of Electronics and Information Technology (MeitY), has issued a high-level security advisory warning users about multiple vulnerabilities in Mozilla’s Firefox and Firefox ESR (Extended Support Release) browsers.
If exploited, these flaws could allow attackers to gain unauthorised access to your sensitive data, execute arbitrary code, circumvent security features, and escalate privileges on vulnerable systems. Here are the details on who is at risk and which versions are affected.
What’s affected?
The advisory, listed under vulnerability note CIVN-2025-0138, affects the following software versions: Mozilla Firefox versions prior to 140, Firefox ESR versions prior to 115.25, and Firefox ESR versions prior to 128.12.
Who is at risk?
Every individual and organisation using Mozilla Firefox or its ESR variants is at risk and is advised to take immediate action. The vulnerabilities pose a significant threat, particularly for enterprise environments that operate at large scale and have access to large volumes of data.
Nature of the Vulnerabilities
According to CERT-In, the vulnerabilities stem from memory corruption and improper handling of specific web requests. A remote attacker could exploit these flaws by tricking a user into visiting a maliciously designed website. Once activated, the exploit may allow unauthorised access to sensitive data, system compromise via arbitrary code execution, security bypass, and privilege escalation.
How to stay safe?
CERT-In strongly advises users and system administrators to install the latest security patches released by Mozilla. To address the vulnerabilities, the company has issued security advisories and released software updates. Mozilla’s official security portal also provides detailed instructions and version updates.
Ashish Singh
Ashish Singh is the Chief Copy Editor at Digit. He's been wrangling tech jargon since 2020 (Times Internet, Jagran English '22). When not policing commas, he's likely fueling his gadget habit with coffee, strategising his next virtual race, or plotting a road trip to test the latest in-car tech. He speaks fluent Geek.