Zero-Day Issues in Firefox Browsers Require Update Now
July 13, 2025
Cybersecurity news regarding Google’s Chrome browser is getting a little “old hat.” After all, that browser has been in the news a lot lately. It's a target because it's very widely used. However, not to be outdone, there is now a warning for those of you who use something different for your web browsing needs: Firefox. Yep, at a hacking contest, two zero-day vulnerabilities were found in the Firefox browser, so read on for more information on this issue found by some researchers.
Let’s quickly revisit what a zero-day vulnerability is. This is an issue for which there is no known fix, but which could be or is being actively exploited. There have been several recent ones for Chrome, including a high-severity one that could allow account takeover of your Google account. Even CISA warned about that one being actively exploited. In case you want to find out more on that, look up CVE-2025-4664. Google has patched it, so make sure you have it applied and your browser restarted if you’re using Chrome.
Now, on to Firefox. At a Pwn2Own contest in Berlin, both zero-day flaws found could allow an attacker to gain read and write privileges on a compromised device. You can read all about them by looking up CVE-2025-4918 and CVE-2025-4919. However, the takeaway from this writing is that you should patch your Firefox browser right now.
The following versions are vulnerable and should be updated:
- Firefox before 138.0.4
- Firefox Extended Support Release (ESR) before 128.10.1
- Firefox ESR before 115.23.1
- Firefox for Android
You can check what version you have by going to Firefox > About Firefox. If an “update” appears, take advantage of it right then.
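If you look after more than one machine, the same check can be scripted. The following is an added example, not code from Mozilla or from this article: it compares a reported desktop version string against the fixed versions listed above. It assumes the version text looks like "Mozilla Firefox 128.10.1esr", with ESR builds carrying an "esr" suffix, and it does not cover Firefox for Android, for which no version is listed here.

```python
import re

# Fixed versions, taken from the advisory's list above.
FIXED_RELEASE = (138, 0, 4)
FIXED_ESR_128 = (128, 10, 1)
FIXED_ESR_115 = (115, 23, 1)

# Assumption: version text looks like "Mozilla Firefox 128.10.1esr",
# with ESR builds carrying an "esr" suffix.
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor, patch), is_esr) from a version string."""
    match = _VERSION.search(text)
    if match is None:
        raise ValueError(f"no Firefox version found in {text!r}")
    major, minor, patch, esr = match.groups()
    return (int(major), int(minor), int(patch or 0)), esr is not None


def needs_update(text):
    """True if the reported version is older than the fix for its channel."""
    version, is_esr = parse_version(text)
    if not is_esr:
        return version < FIXED_RELEASE
    # ESR 115 has its own fixed build; comparing it against 128.10.1
    # would wrongly flag a patched 115.23.1 install.
    if version[0] == 115:
        return version < FIXED_ESR_115
    return version < FIXED_ESR_128


if __name__ == "__main__":
    # Constructed sample inputs, not captured from real machines.
    samples = [
        "Mozilla Firefox 138.0.3",
        "Mozilla Firefox 138.0.4",
        "Mozilla Firefox 128.10.0esr",
        "Mozilla Firefox 115.23.1esr",
    ]
    for sample in samples:
        status = "UPDATE NEEDED" if needs_update(sample) else "ok"
        print(f"{sample}: {status}")
```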
Mozilla, the developers of Firefox, did point out that the issues never made it out of their sandbox environment, but they still quickly issued a patch…and paid the finders $50K each.