
Mozilla has released urgent security updates for Firefox after two dangerous zero-day vulnerabilities were discovered during the Pwn2Own Berlin 2025 hacking competition. These updates were issued just hours after the flaws were demonstrated live on stage, showing Mozilla’s fast response to serious threats.
Pwn2Own Berlin 2025
Pwn2Own is a popular hacking contest where cybersecurity experts compete to find and demonstrate vulnerabilities in widely used software and devices. This year, the event was held in Berlin and included categories like web browsers, enterprise software, and virtualization platforms.
During the contest, two different zero-day vulnerabilities were successfully demonstrated in Mozilla Firefox. A zero-day vulnerability means the software vendor didn’t know about the flaw before it was exposed, and no fix was available at the time it was discovered.
Two Firefox Zero-Day Bugs
1. CVE-2025-4918 – JavaScript Engine Vulnerability
The first flaw is a memory issue found in Firefox’s JavaScript engine. It occurs when handling JavaScript “Promise” objects. Specifically, it allows out-of-bounds reading and writing in memory. This type of flaw can let attackers crash the browser or possibly run malicious code.
The vulnerability was demonstrated by cybersecurity researchers Edouard Bochin and Tao Yan from Palo Alto Networks. They successfully exploited it on the second day of the contest and were awarded $50,000 for their efforts.
2. CVE-2025-4919 – Array Index Confusion Bug
The second critical bug involves confusion around array index sizes, which can also lead to out-of-bounds memory access. In simple terms, attackers can trick the browser into reading or writing data where it shouldn’t, which can compromise the program’s security.
Security researcher Manfred Paul demonstrated this flaw and was also awarded $50,000 after gaining unauthorized access to Firefox’s internal renderer process.
Both vulnerabilities are rated “critical” by Mozilla due to their potential for serious exploitation. However, Mozilla noted that no sandbox escape was achieved during these demonstrations. A sandbox escape would allow attackers to break out of the browser’s protected environment and access the operating system, which could lead to full system compromise.
Mozilla stated that recent improvements to Firefox’s sandbox architecture were key in preventing such attacks. “Unlike previous years, no participating group managed to escape our sandbox this time,” Mozilla said in its official security advisory. They credited their new security enhancements for this success.
Mozilla’s Fast and Global Response
Although there is no evidence that these vulnerabilities have been used in real-world attacks, the public demonstration makes it possible that malicious hackers could now try to use them. That’s why Mozilla acted quickly.
As soon as the competition ended, Mozilla formed a global “task force” made up of security engineers and developers from different regions. This team worked around the clock to create, test, and release patches for the affected versions of Firefox.

Firefox Users: Update Now to Stay Protected
To stay safe from these critical bugs, users are strongly advised to update their browsers immediately. The fixed versions are:
Firefox 138.0.4 (for regular desktop users)
Firefox ESR 128.10.1 (Extended Support Release)
Firefox ESR 115.23.1 (for older long-term support users)
Firefox for Android (latest version updated via Google Play)
Users can check for updates by going to the “About Firefox” section in the browser’s menu, or by downloading the latest version from Mozilla’s official website.
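For administrators checking more than one machine, here is an added Python example (not from the article or from Mozilla) that decides whether a Firefox version string is at or beyond the fixed build for its branch, using only the three fixed versions listed above; the hostnames and inventory lines are constructed for illustration.

```python
import re
from typing import Iterable

# Fixed versions from Mozilla's advisory as reported above. Majors 115 and 128
# are ESR lines; every other major is treated as the regular release channel.
FIXED_VERSIONS = {
    "esr115": "115.23.1",
    "esr128": "128.10.1",
    "release": "138.0.4",
}

def parse_version(version: str) -> tuple:
    """Turn '138.0.4', '139.0' or '128.10.1esr' into a 3-int tuple."""
    m = re.match(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised Firefox version: {version!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def branch_for(major: int) -> str:
    """Map a major version to the branch whose fixed build applies."""
    if major == 115:
        return "esr115"
    if major == 128:
        return "esr128"
    return "release"

def is_patched(version: str) -> bool:
    """True if the build is at or beyond its branch's fixed version.

    Release builds older than 138 (and end-of-life ESR lines) never got a
    fix; they compare below 138.0.4 and are therefore reported unpatched.
    """
    parsed = parse_version(version)
    fixed = parse_version(FIXED_VERSIONS[branch_for(parsed[0])])
    return parsed >= fixed

def hosts_needing_update(inventory: Iterable[str]) -> list:
    """Return hosts from 'host<TAB>version' lines that are still exposed."""
    exposed = []
    for line in inventory:
        host, _, version = line.strip().partition("\t")
        if host and version and not is_patched(version):
            exposed.append(host)
    return exposed

# Constructed sample inventory (not real hosts), one 'host\tversion' per line.
SAMPLE_INVENTORY = [
    "ws-01\t138.0.4", "ws-02\t138.0.3", "srv-01\t128.10.1esr",
    "srv-02\t128.9.0esr", "legacy-01\t115.23.1esr", "legacy-02\t115.22.0esr",
]

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: update required")
```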
Firefox and Pwn2Own
This is not the first time Firefox vulnerabilities have been exposed at Pwn2Own. Last year at Pwn2Own Vancouver 2024, two other critical zero-day flaws in Firefox were also found and quickly patched by Mozilla within a day.
This shows a trend: Mozilla continues to demonstrate strong commitment to browser security by responding rapidly to any reported or demonstrated threats. Their fast patching process helps keep millions of Firefox users worldwide protected from cyber threats.
Pwn2Own 2025: A Quick Recap
Pwn2Own Berlin 2025 wrapped up with more than $1 million USD awarded in total prizes. The “Master of Pwn” title was claimed by the STAR Labs SG team for their impressive performance across various categories, including browser exploits, virtualization vulnerabilities, and enterprise app hacks.
Zero-day vulnerabilities are dangerous because attackers can use them before software makers have time to fix the issue. Events like Pwn2Own help the tech industry by giving ethical hackers a platform to find and report these flaws in a responsible way.
Mozilla’s fast response, improved sandboxing technology, and global coordination show how seriously they take user security. If you’re a Firefox user, update your browser now to stay protected from these newly discovered threats.