Mozilla has patched several flaws affecting its Firefox and Thunderbird software that could allow an attacker to remotely execute malicious code.
Users are advised to install the latest security updates on their devices
Photo Credit: Pexels/ Sora Shimazaki
Mozilla has patched multiple security vulnerabilities across its products, according to an advisory issued by the Indian Computer Emergency Response Team (CERT-In). The “high” severity security flaws could allow attackers to execute malicious code using vulnerabilities on older versions of Firefox. The vulnerabilities impact Firefox, Firefox Extended Support Release (ESR), and Mozilla's Thunderbird email client. CERT-In has urged individuals and organisations to update immediately to the latest versions to remain protected against potential data theft, system compromise, and information disclosure.
The affected software includes Mozilla Firefox 144, Firefox ESR 140.4, and Mozilla Thunderbird 144, as well as older versions, the nodal cybersecurity agency states in its Vulnerability Note CIVN-2025-0273, published on October 18. These vulnerabilities could allow unauthorised access to sensitive information, leading to potential data theft, information disclosure, or full system compromise.
The security flaws stem from multiple issues, including use-after-free errors, memory corruption, API misuse by web extensions, out-of-bounds reads and writes, cross-process information leaks, and improper handling of browser object properties. Some vulnerabilities also impact the Android versions of Firefox and Thunderbird, including spoofing risks and improper display of sensitive fields.
End users and organisations are urged to update Mozilla products immediately. Updating prevents attackers from accessing sensitive data or executing code. CERT-In has urged users to apply patches promptly and monitor Mozilla security advisories for future updates.
Mozilla has addressed these issues with a series of updates. Users are advised to install the following patches, including Firefox 144 (MFSA 2025-81), Firefox ESR 115.29 (MFSA 2025-82), Firefox ESR 140.4 (MFSA 2025-83), Thunderbird 140.4 (MFSA 2025-85), and Thunderbird 144 (MFSA 2025-84). Full details are available on Mozilla's security advisory pages, and users should update to the latest available version to remain protected from these vulnerabilities.
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.