EXECUTIVE SUMMARY
A Mozilla released urgent Firefox updates on November 11, 2025, patching 16 vulnerabilities including critical remote code execution and sandbox escape flaws across Firefox 145 and ESR versions. Immediate updates are recommended to protect users from exploits requiring no interaction beyond standard browsing.
- Active Region: Global
- Affected Sector: All sectors using Firefox affected versions
- Affected Product: Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30.
- Severity: High
- Published Date: November 11, 2025
TECHNICAL DETAILS
Exploits chain crafted web content (WebGPU/JS) to trigger implementation bugs (bounds/race/UAF/JIT) for renderer RCE, then escalate via sandbox‑escape flaws to access process‑level secrets and persist.
- Target: Remote code execution, sandbox escape, and sensitive‑data exfiltration (cookies/tokens/local secrets) via the renderer/GPU/JIT/DOM components in Firefox 145, ESR 140.5, ESR 115.30.
- Root Cause: Implementation defects incorrect boundary checks in WebGPU/graphics, race conditions, memory-safety bugs (use-after-free), and JIT miscompilation…..
