Latest Cyber Security News

You are here: Home / General Cyber Security News / Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards
May 19, 2025

Mozilla has released security updates to address two critical security flaws in its Firefox browser that could be potentially exploited to access sensitive data or achieve code execution.

The vulnerabilities, both of which were exploited as a zero-day at Pwn2Own Berlin, are listed below –

  • CVE-2025-4918 – An out-of-bounds access vulnerability when resolving Promise objects that could allow an attacker to perform read or write on a JavaScript Promise object
  • CVE-2025-4919 – An out-of-bounds access vulnerability when optimizing linear sums that could allow an attacker to perform read or write on a JavaScript object by confusing array index sizes

In other words, successful exploitation of either of the flaws could permit an adversary to achieve out-of-bounds read or write, which could then be abused to access otherwise sensitive information or result in memory corruption that could pave the way for code execution.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Cybersecurity

The vulnerabilities affect the following versions of the Firefox browser –

  • All versions of Firefox before 138.0.4
  • All versions of Firefox Extended Support Release (ESR) before 128.10.1
  • All versions of Firefox ESR before 115.23.1

Edouard Bochin and Tao Yan from Palo Alto Networks have been credited with finding and reporting CVE-2025-4918. The discovery of CVE-2025-4919 has been credited to Manfred Paul.

It’s worth noting that both shortcomings were demonstrated at the Pwn2Own Berlin hacking contest last week for which they were awarded $50,000 each.

With web browsers continuing to be an attractive vector for malware delivery, users are advised to update their instances to the latest version to safeguard against potential threats.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *