CyberSecurityBoard
Sponsor Register Login

Firefox 138 Released With Fix for Multiple High-severity Vulnerabilities

“By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation,” Mozilla explained in their advisory. Security researchers identified multiple critical flaws that could allow attackers to escalate privileges or bypass security mechanisms, prompting this significant security update, which was released on April 29, 2025. Mozilla has released Firefox 138, addressing several high-severity security vulnerabilities while introducing long-awaited features, including improved profile management. The most concerning issues include a privilege escalation vulnerability, a memory corruption flaw, and a process isolation bypass. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The Mozilla Foundation Security Advisory details four high-impact vulnerabilities remediated in this release. CISA stated in its advisory that “There are currently no reports of these vulnerabilities being exploited in the wild,” but it recommended that users apply updates immediately after appropriate testing. Another significant vulnerability, CVE-2025-4083, reported by Nika Layzell, involved a process isolation bypass using URI links in cross-origin frames. This vulnerability stemmed from improper handling of javascript: URIs, potentially allowing content to execute in the top-level document’s process instead of the intended frame, which could enable a sandbox escape. In addition to the standard Firefox release, Mozilla has updated Firefox ESR to versions 115.23 and 128.10 with the same security fixes. This feature allows users to create separate profiles to compartmentalize their browsing activities, keeping bookmarks, tabs, passwords, and browsing history segregated between different usage contexts. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 10:00:26 +0000


Cyber News related to Firefox 138 Released With Fix for Multiple High-severity Vulnerabilities

CVE-2018-0688 - Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, ...
6 years ago
CVE-2018-0689 - HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September ...
6 years ago
Multiple QNAP Severity Flaw Let Attackers Execute Remote Code - QNAP has released multiple security advisories for addressing several high, medium, and low-severity vulnerabilities in multiple products, including QTS, QuTS hero, Netatalk, Video Station, QuMagie, and QcalAgent. QNAP has also stated all the ...
1 year ago Gbhackers.com CVE-2023-39294 CVE-2023-39296 CVE-2023-47219 CVE-2023-47559 CVE-2023-47560 CVE-2023-41287 CVE-2023-41288 CVE-2022-43634 CVE-2023-41289
Firefox 138 Released With Fix for Multiple High-severity Vulnerabilities - “By injecting code into the user-privileged process, an attacker could bypass intended access controls, allowing SYSTEM-level file operations on paths controlled by a non-privileged user and enabling privilege escalation,” Mozilla ...
1 month ago Cybersecuritynews.com CVE-2025-4083
CVE-2021-22331 - There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This ...
4 years ago
Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape - Mozilla on Tuesday announced security updates for both Firefox and Thunderbird, to address 21 vulnerabilities, including several memory safety issues. Firefox 121 was released with patches for 18 vulnerabilities, five of which have a 'high' severity ...
1 year ago Securityweek.com CVE-2023-6856 CVE-2023-6135 CVE-2023-6865 CVE-2023-6873 CVE-2023-6864
Firefox 137 Released With Fix for Multiple High Severity Vulnerabilities - This critical security update, announced on April 1, 2025, fixes several memory safety bugs and use-after-free vulnerabilities that posed significant risks to users of previous versions. The fixes in Firefox 137 and Thunderbird 137 included hardening ...
2 months ago Cybersecuritynews.com
Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs - Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution ...
1 year ago Bleepingcomputer.com
Zoom stomps critical privilege escalation bug, 6 other flaws The Register - Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. Video conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a ...
1 year ago Go.theregister.com CVE-2024-24691 CVE-2024-24690 CVE-2024-24695 CVE-2024-24696 CVE-2024-24697 CVE-2024-24698 CVE-2024-24699
SAP Patches Critical Vulnerability in Business Technology Platform - German enterprise software maker SAP on Tuesday announced the release of 15 new and two updated security notes as part of its December 2023 Security Patch Day. Four of the December 2023 security notes have a severity rating of 'hot news', the highest ...
1 year ago Securityweek.com CVE-2023-49583
Splunk Patches High-Severity Vulnerabilities in Enterprise Product - Splunk on Monday announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. Three of the high-severity issues are remote code execution flaws that require authentication for successful ...
11 months ago Securityweek.com CVE-2024-36985 CVE-2024-36984
Splunk Patches High-Severity Vulnerabilities in Enterprise Product - Splunk on Monday announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. Three of the high-severity issues are remote code execution flaws that require authentication for successful ...
11 months ago Packetstormsecurity.com CVE-2024-36985 CVE-2024-36984
Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges - The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation. An attacker may be able to obtain elevated privileges within the application or the operating system by ...
1 year ago Cybersecuritynews.com CVE-2023-43583 CVE-2023-43585 CVE-2023-43586 CVE-2023-36540 CVE-2023-36541 CVE-2023-36534 CVE-2023-39216 CVE-2023-39213
ICS Patch Tuesday: Electromagnetic Fault Injection, Critical Redis Vulnerability - Siemens and Schneider Electric have published their Patch Tuesday advisories for December 2023, addressing dozens of vulnerabilities affecting their products. Siemens has published 12 advisories that cover more than 30 vulnerabilities. The industrial ...
1 year ago Securityweek.com CVE-2022-42784 CVE-2022-0543
Multiple Flaws in Dell PowerProtect Products Execute Commands - Multiple vulnerabilities have been discovered in Dell's PowerProtect, which were associated with SQL injection, cross-site scripting, privilege escalation, command injection, and path tracing. The severity for these vulnerabilities ranges between 4.3 ...
1 year ago Cybersecuritynews.com CVE-2023-44286 CVE-2023-44284 CVE-2023-48668 CVE-2023-44277 CVE-2023-48667 CVE-2023-44279 CVE-2023-44278 CVE-2023-44285
SAP's April 2024 Updates Patch High-Severity Vulnerabilities - Enterprise software maker SAP on Tuesday announced the release of 10 new and two updated security notes, including three notes that address high-severity vulnerabilities. Of SAP's April 2024 security notes, the most severe addresses a security ...
1 year ago Securityweek.com
Misconfiguration and vulnerabilities biggest risks in cloud security: Report - The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig. While zero trust is a top priority, data showed ...
2 years ago Csoonline.com Hunters
Vulnerability Recap 4/15/24: Palo Alto, Microsoft, Ivanti Exploits - Typically, these vulnerabilities result in remote code execution or denial-of-service attacks, posing major dangers to users' data security. Multiple Vulnerabilities Discovered in LG WebOS Smart TVs. Type of vulnerability: Authorization bypass, ...
1 year ago Esecurityplanet.com CVE-2024-21894 CVE-2024-29990 CVE-2024-3383 CVE-2024-3400
Cybersecurity Weekly Recap: Latest on Attacks, Vulnerabilities, & Data Breaches - A critical SSRF vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to impersonate users and access sensitive data. Ivanti patched a critical command injection vulnerability in its Cloud Services Appliance (CSA), ...
4 months ago Cybersecuritynews.com CVE-2025-0108 CVE-2024-53704 CVE-2024-52875 CVE-2023-20198 CVE-2023-20273 Winnti Group
DrayTek Routers at Risk From 14 New Vulnerabilities - The advice comes amid signs of growing threat actor activity — including by nation-state actors — targeting vulnerabilities in routers and other network devices from DrayTek and a variety of other vendors, including Fortinet, F5, QNAP, Ivanti, ...
8 months ago Darkreading.com CVE-2024-41592 CVE-2024-41585 CVE-2021-20123 CVE-2021-20124
Microsoft Gives Admins a Reprieve With Lighter-Than-Usual Patch Update - In what's sure to be a refreshing break for IT and security teams, Microsoft's monthly security update for December 2023 contained fewer vulnerabilities for them to address than in recent months. The update included fixes for a total of 36 ...
1 year ago Darkreading.com CVE-2023-35618 CVE-2023-35641 CVE-2023-35630 CVE-2023-35636 CVE-2023-36696
Intel Discloses Max Severity Bug in Its AI Model Compression Software - Intel has disclosed a maximum severity vulnerability in some versions of its Intel Neural Compressor software for AI model compression. The bug, designated as CVE-2024-22476, provides an unauthenticated attacker with a way to execute arbitrary code ...
1 year ago Darkreading.com CVE-2024-22476
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Mozilla warns users to update Firefox before certificate expires - Mozilla is warning Firefox users to update their browsers to the latest version to avoid facing disruption and security risks caused by the upcoming expiration of one of the company's root certificates. "On 14 March a root certificate (the ...
3 months ago Bleepingcomputer.com
ICS Patch Tuesday: Siemens Ruggedcom Devices Impacted by 45 Fortinet Vulnerabilities - Siemens and Schneider Electric have published their March 2024 Patch Tuesday security advisories, which cover more than 200 vulnerabilities affecting their products. Siemens has published 11 new advisories describing a total of 214 vulnerabilities. A ...
1 year ago Securityweek.com CVE-2024-21762 CVE-2023-27997 CVE-2022-41328

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)