Mozilla Products Multiple Vulnerabilities

Release Date: 28 May 2025

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution,  denial of service condition, security restriction bypass and sensitive information disclosure on the targeted system.

---

Impact

• Information Disclosure
• Remote Code Execution
• Denial of Service
• Security Restriction Bypass

---

System / Technologies affected

Versions prior to:

 

• Thunderbird 128.11
• Thunderbird 139
• Firefox ESR 128.11
• Firefox ESR 115.24
• Firefox 139

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• Thunderbird 128.11
• Thunderbird 139
• Firefox ESR 128.11
• Firefox ESR 115.24
• Firefox 139

---

Vulnerability Identifier

• CVE-2025-5262
• CVE-2025-5263
• CVE-2025-5264
• CVE-2025-5265
• CVE-2025-5266
• CVE-2025-5267
• CVE-2025-5268
• CVE-2025-5269
• CVE-2025-5270
• CVE-2025-5271
• CVE-2025-5272

---

Source

• Mozilla

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-45/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-43/
• https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/