For those using Firefox, an important update is available. Mozilla has issued a security patch addressing two zero-day vulnerabilities spotted during the recent Pwn2Own hacking competition in Berlin. Zero-day vulnerabilities are significant security issues that have not yet received an official fix, and that attackers are actively exploiting.

Web browsers are frequent targets for malicious software, and Firefox is not alone in facing zero-day exploits. Earlier this month, Google also released an urgent update for Chrome to remedy a high-stakes vulnerability (CVE-2025-4664) that allowed the complete takeover of user accounts. The Cybersecurity and Infrastructure Security Agency (CISA) later confirmed that this vulnerability was being exploited in the wild, prompting users to consider alternative privacy-centric browsers as a precaution.

Identified Zero-Day Vulnerabilities in Firefox

The two zero-day vulnerabilities discovered at Pwn2Own Berlin involve out-of-bounds issues allowing attackers to either read or write data, which could potentially lead to unauthorized access to confidential information or even code execution. CVE-2025-4918 allows the reading or writing of a JavaScript Promise object, while CVE-2025-4919 permits the same actions on a JavaScript object.

The vulnerabilities were reported by Edouard Bochin and Tao Yan from Palo Alto Networks and Manfred Paul, respectively, with each researcher receiving a reward of $50,000 for their findings.

The versions of Firefox affected by these vulnerabilities, which require immediate updating, are:

• Firefox versions prior to 138.0.4
• Firefox Extended Support Release (ESR) before 128.10.1
• Firefox ESR versions before 115.23.1
• Firefox for Android

While Mozilla acted swiftly to resolve these vulnerabilities, the company has indicated that neither vulnerability escaped Firefox’s “sandbox” environment—a necessary step for an attacker to gain control over a user’s device. This is a reassuring factor for the overall security of Firefox, especially since past competitions have seen attackers successfully breach the sandbox. Nonetheless, it’s advisable for all users to implement the latest patches promptly.

Steps to Update Firefox

To ensure that your Firefox browser is current, check your version by navigating to Firefox > About Firefox. If an update is available, simply click the Restart to Update Firefox button that appears.