What security vulnerabilities does Firefox 142 fix?

Mozilla Foundation has released Firefox 142 to patch nine security vulnerabilities, including a critical sandbox escape vulnerability in the Audio/Video GMP component and multiple memory safety bugs that were present in Firefox 141 and Thunderbird 141.

What is the most critical vulnerability fixed in Firefox 142?

The most critical vulnerability is CVE-2025-9179 (CVSS score 9.8), a sandbox escape due to invalid pointer in the Audio/Video: GMP component, reported by Oskar. This vulnerability could allow attackers to break out of Firefox's security sandbox.

How many vulnerabilities does Firefox 142 patch in total?

Firefox 142 patches nine security vulnerabilities, ranging from critical memory safety bugs to spoofing issues and denial-of-service vulnerabilities.

Which vulnerabilities have the highest CVSS scores in Firefox 142?

Two vulnerabilities have the highest CVSS scores of 9.8: CVE-2025-9179 (sandbox escape in Audio/Video GMP component) and CVE-2025-9187 (memory safety bugs fixed in Firefox 142 and Thunderbird 142).

What are the memory safety vulnerabilities fixed in Firefox 142?

Three memory safety vulnerabilities were fixed: CVE-2025-9187 (CVSS 9.8) affecting Firefox 142 and Thunderbird 142, CVE-2025-9184 (CVSS 8.8) affecting multiple Firefox and Thunderbird versions, and CVE-2025-9185 (CVSS 8.8) affecting various ESR and current versions.

Are there any same-origin policy bypass vulnerabilities in Firefox 142?

Yes, CVE-2025-9180 (CVSS score 8.1) is a same-origin policy bypass vulnerability in the Graphics: Canvas2D component, reported by Tom Van Goethem. This vulnerability is rated as High severity by Mozilla.

Does Firefox 142 fix any Android-specific vulnerabilities?

Yes, CVE-2025-9186 (CVSS score 6.5) is a spoofing issue in the Address Bar component of Firefox Focus for Android, reported by Kevin Brosnan.

Are there any denial-of-service vulnerabilities fixed in Firefox 142?

Yes, CVE-2025-9182 (CVSS score 7.5) is a denial-of-service vulnerability due to out-of-memory issues in the Graphics: WebRender component, reported by Irvan Kurniawan.

Have any of these Firefox vulnerabilities been actively exploited?

Mozilla has not disclosed whether any of these vulnerabilities have been actively exploited in the wild. However, given the critical nature of the memory corruption flaws, immediate patching is essential for maintaining browser security.

What JavaScript Engine vulnerability was fixed in Firefox 142?

CVE-2025-9181 (CVSS score 6.5) addresses uninitialized memory issues in the JavaScript Engine component, reported by Irvan Kurniawan.

Are there any address bar spoofing vulnerabilities in Firefox 142?

Yes, there are two address bar spoofing vulnerabilities: CVE-2025-9186 (CVSS 6.5) affecting Firefox Focus for Android and CVE-2025-9183 (CVSS 6.5) affecting the general Address Bar component, reported by Kevin Brosnan and Renwa respectively.

Who discovered the vulnerabilities fixed in Firefox 142?

The vulnerabilities were discovered by various security researchers including Oskar, Andy Leiserson, Maurice Dauer, Sebastian Hengst, Paul Bone, Ryan VanderMeulen, Tom Van Goethem, Irvan Kurniawan, Kevin Brosnan, Renwa, and the Mozilla Fuzzing Team.

Does Firefox 142 also fix vulnerabilities in Thunderbird?

Yes, several of the memory safety vulnerabilities fixed in Firefox 142 also affect Thunderbird, with patches available in Thunderbird 142, Thunderbird ESR 140.2, and Thunderbird ESR 128.14 depending on the specific vulnerability.

Why should users update to Firefox 142 immediately?

Users should update immediately because Firefox 142 fixes critical security vulnerabilities including a sandbox escape flaw and multiple memory safety bugs with CVSS scores up to 9.8. These vulnerabilities could potentially allow attackers to execute arbitrary code or bypass security protections.

Advisory

Mozilla patches multiple Vulnerabilities in Firefox, Thunderbird

published: Aug. 20, 2025

Take action: Patch your Firefox and Firefox based browsers (Waterfox, Tor) and your Thunderbird. The scoring of Mozilla says these are not critical flaws, but the CVSS score is quite high. So patch your browsers since they are by their nature exposed to everything malicious on the Web. And patching is trivial, all your tabs reopen.

Learn More

Mozilla Foundation has released Firefox 142 to patch multiple security vulnerabilities in Firefox and critical.

The new release patches nine vulnerabilities including a sandbox escape vulnerability in the Audio/Video GMP component and memory safety bugs that were present in Firefox 141 and Thunderbird 141.

Vulnerabilities summary:

CVE-2025-9179 (CVSS score 9.8, Mozilla score High) - Sandbox escape due to invalid pointer in the Audio/Video: GMP component, reported by Oskar
CVE-2025-9187 (CVSS score 9.8, Mozilla score High) - Memory safety bugs fixed in Firefox 142 and Thunderbird 142, reported by Andy Leiserson, Maurice Dauer, Sebastian Hengst and the Mozilla Fuzzing Team
CVE-2025-9184 (CVSS score 8.8, Mozilla score High) - Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142, reported by Paul Bone, Ryan VanderMeulen and the Mozilla Fuzzing Team
CVE-2025-9185 (CVSS score 8.8, Mozilla score High) - Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142, reported by The Mozilla Fuzzing Team
CVE-2025-9180 (CVSS score 8.1, Mozilla score High) - Same-origin policy bypass in the Graphics: Canvas2D component, reported by Tom Van Goethem
CVE-2025-9182 (CVSS score 7.5) - Denial-of-service due to out-of-memory in the Graphics: WebRender component, reported by Irvan Kurniawan
CVE-2025-9181 (CVSS score 6.5) - Uninitialized memory in the JavaScript Engine component, reported by Irvan Kurniawan
CVE-2025-9186 (CVSS score 6.5) - Spoofing issue in the Address Bar component of Firefox Focus for Android, reported by Kevin Brosnan
CVE-2025-9183 (CVSS score 6.5) - Spoofing issue in the Address Bar component, reported by Renwa

Firefox 142 is now available for download and automatically updates for existing users. Mozilla strongly recommends that all Firefox users update to version 142 immediately to protect against these vulnerabilities.

The company has not disclosed whether any of these vulnerabilities have been actively exploited in the wild, but given the critical nature of the memory corruption flaws, immediate patching is essential for maintaining browser security.

Mozilla patches multiple Vulnerabilities in Firefox, Thunderbird

Read More
Intel Patches vulnerability found in many generations of …
Microsoft confirms active exploitation of CVE-2024-43461, don't delay …
D-Link confirms critical flaw affecting over 60,000 end-of-life …
VMware releases patch for Workstation, Fusion and ESXi …
Critical Zero-Click Vulnerability Reported in Telegram