Firefox ESR 140.1 Security Update: Fixes for CVE-2025-8027/8036 Memory Safety and CSP Bypass Vulnerabilities

Key Vulnerability Information Vulnerability IDs and Impact Levels CVE-2025-8027: JavaScript engine writes only partial return values to the stack, Impact Level: High CVE-2025-8028: Large branch tables may cause instruction truncation, Impact Level: Medium CVE-2025-8029: Execution of JavaScript URLs on objects and embedded tags, Impact Level: Medium CVE-2025-8036: DNS rebinding bypassing CORS, Impact Level: Medium CVE-2025-8037: Unnamed cookie overwriting secure cookies, Impact Level: Low CVE-2025-8030: Potential user-assisted code execution in "Copy as cURL" command, Impact Level: Medium CVE-2025-8031: Incorrect URL stripping in CSP reports, Impact Level: Low CVE-2025-8032: XSLT documents may bypass CSP, Impact Level: Medium CVE-2025-8033: CSP frame-src not properly enforced for paths, Impact Level: Low CVE-2025-8039: Search terms persist in URL bar, Impact Level: Low CVE-2025-8033: Incorrect JavaScript state machine in generator, Impact Level: Low CVE-2025-8040: Memory safety vulnerabilities in Firefox ESR 136.2, Firefox ESR 138.13, Thunderbird ESR 138.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141, and Thunderbird 141, Impact Level: High CVE-2025-8045: Memory safety vulnerabilities in Firefox ESR 136.2, Firefox ESR 138.13, Thunderbird ESR 138.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141, and Thunderbird 141, Impact Level: Medium Affected Products Firefox ESR 140.1 Reporters Reporters for individual vulnerabilities include Jan Varga, Lukas Maly, Victor Cojocaru, James Graham, Tom Darcher, Jakub Wilk, Carlo Grech, Sven Michelschmidt, Shannon Potter, two-factor forcing root, etc. Description Detailed descriptions for each vulnerability outline specific issues, such as JavaScript engine flaws, DNS rebinding attacks, CSP bypasses, etc. References References include links to related vulnerabilities on Mozilla Bugzilla, GitHub, etc. ``` This summary outlines the key details of security vulnerabilities fixed in Firefox ESR 140.1, including vulnerability IDs, impact levels, reporters, descriptions, and references.

Goal Reached Thanks to every supporter — we hit 100%!

Firefox ESR 140.1 Security Update: Fixes for CVE-2025-8027/8036 Memory Safety and CSP Bypass Vulnerabilities

More from this source