Firefox 140 Launches with Critical Code Execution Bug Fix – Update Now
Mozilla has officially released Firefox 140, marking a significant update that addresses multiple security vulnerabilities, including a critical code execution flaw.
Users are strongly urged to update their browsers immediately to protect against potential exploits targeting these newly patched weaknesses.
Critical Security Fixes in Firefox 140
The highlight of Firefox 140 is the resolution of high-severity memory safety bugs, including a critical use-after-free vulnerability in the FontFaceSet component.
This flaw could allow attackers to execute arbitrary code on a victim’s machine, posing a major risk to user security.
In total, Firefox 140 patches 13 security vulnerabilities, with two classified as high-severity memory safety issues.
These include the aforementioned use-after-free bug and other memory corruption defects that could be exploited for remote code execution.
Mozilla’s security team notes that while there is no evidence these bugs have been exploited in the wild, the risk is substantial enough to warrant immediate action from users.
Additional Features and Improvements
Beyond security, Firefox 140 introduces several usability and performance enhancements.
The update brings improvements to the vertical tabs feature, enabling users to resize the pinned section and manage visible tabs more efficiently.
A new “Unload Tab” option allows users to pause background activity for inactive tabs, reducing memory and CPU usage.
Other updates include expanded address autofill support, a built-in Arabic spellcheck dictionary, and a streamlined New Tab interface.
Below is a table summarizing the key vulnerabilities addressed in this release:
| CVE | Impact | Description |
| CVE-2025-6424 | High | Exploitable crash due to use-after-free bug |
| CVE-2025-6425 | Moderate | Persistent UUID could identify browser across modes |
| CVE-2025-6426 | Moderate | No warning before opening terminal files, macOS only |
| CVE-2025-6427 | Moderate | Attacker could bypass CSP connect-src directive |
| CVE-2025-6428 | Moderate | Android version followed malicious URLs in querystring, potential phishing |
| CVE-2025-6429 | Moderate | URL parsing flaw could bypass domain embedding restrictions |
| CVE-2025-6430 | Moderate | Ignored header could lead to cross-site scripting |
| CVE-2025-6436 | High | Memory corruption could allow arbitrary code execution |
Mozilla has not reported any active exploitation of these vulnerabilities but emphasizes the importance of updating to Firefox 140 as soon as possible.
The patch is available for all supported platforms, including Windows, macOS, Linux, and Android. Users of Firefox ESR (Extended Support Release) should also update to the latest version for continued protection.
To update, users can navigate to the browser’s menu, select “Help,” then “About Firefox,” and follow the prompts to install the latest security updates.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates
Source link
