This critical security update, announced on April 1, 2025, fixes several memory safety bugs and use-after-free vulnerabilities that posed significant risks to users of previous versions. The fixes in Firefox 137 and Thunderbird 137 included hardening the JIT compiler’s security checks and addressing race conditions in memory handling. These vulnerabilities collectively posed serious security risks, including denial of service, elevation of privilege, remote code execution, spoofing, and information disclosure. Users can update Firefox by opening the browser’s menu, selecting “Help,” and clicking on “About Firefox,” which will automatically check for and install available updates. The flaw affected Firefox versions prior to 137, Firefox ESR versions below 115.22 and 128.9, and Thunderbird versions below 137 and 128.9. Mozilla resolved it in Firefox 137 through improved memory management during XSLT processing. Organizations utilizing Firefox in enterprise environments should prioritize this update, especially given the high CVSS score of 9.8 assigned to some of these vulnerabilities, indicating critical severity. Patched in Firefox 137 and related ESR/Thunderbird updates, the fixes included enhanced memory validation and sanitization across the codebase. For those unable to update immediately, security professionals recommend temporarily switching to alternative browsers until the update can be applied, as no reliable workarounds exist for these vulnerabilities. The Firefox 137 release demonstrates Mozilla’s ongoing commitment to addressing security issues promptly and transparently. Users are encouraged to enable automatic updates for all Mozilla products to ensure they receive security patches as soon as they become available. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 02 Apr 2025 14:15:11 +0000