Mozilla Firefox 138.0.4 fixes two critical security issues in the browser (ESR affect

[harlan4096]

Mozilla released a critical security update for its open source Firefox web browser that addresses two security issues used during the Pwn2Own Berlin 2025 security event to exploit the browser.

The details:

• The two security issues have a severity rating of critical.
  
• They were successfully exploited during the 2025 Berlin Pwn2Own event.
  
• Updates are available for Firefox Stable and Firefox ESR.
  

Firefox users who run the stable version of  the web browser are encouraged to install the update to Firefox 138.0.4 as soon as possible to protect their data from potential attacks targeting the vulnerability. Considering that the exploits have been demonstrated successfully during the event, it is possible that malware actors will replicate them.

Both Firefox ESR, extended support release, versions are also affected. Mozilla maintains two ESR branches at the moment, one older operating systems such as Windows 7 and the other for current operating systems, such as Windows 10 and 11.

Continue Reading...