Mozilla Firefox Critical Vulnerabilities - 20250724001¶
Overview¶
Mozilla have released a security advisory to address multiple vulnerabilities affecting their Firefox and Thunderbird products. These vulnerabilities could allow attackers to execute arbitrary code, manipulate URL display, bypass navigation security checks, bypass cookie security mechanisms, intercept and obtain sensitive authentication credentials and manipulate WebAssembly execution.
What is vulnerable?¶
| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
|---|---|---|---|---|
| Firefox and Thunderbird | Firefox prior to 141 Firefox ESR prior to 140.1 Thunderbird prior to 141 Thunderbird prior to 140.1 |
CVE-2025-8044 CVE-2025-8043 CVE-2025-8038 CVE-2025-8037 CVE-2025-8031 CVE-2025-8028 |
9.8 9.8 9.8 9.1 9.8 9.8 |
Critical Critical Critical Critical Critical Critical |
What has been observed?¶
The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected products within expected timeframes (refer Patch Management):