Security Vulnerabilities fixed in Firefox ESR 115.26 — Mozilla
Mozilla Foundation Security Advisory 2025-57
Security Vulnerabilities fixed in Firefox ESR 115.26
Announced: July 22, 2025
Impact: high
Products: Firefox ESR
Fixed in
Reporter: Nan Wang
Impact: high
Description: On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits.
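The width mismatch described above, modelled as an added example (not Mozilla's code). The slot variable, the function names and the stale value are constructed, and the zero-extending write is an assumed way to make producer and consumer agree, not the fix the advisory refers to.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: one 8-byte return-value slot shared by two code generators. */
static uint64_t return_slot;

/* Producer as described: updates only the low 32 bits, upper half stays stale. */
static void write_low32_only(uint32_t v) {
    return_slot = (return_slot & 0xFFFFFFFF00000000ULL) | v;
}

/* Consistent producer (assumed remedy): zero-extend so all 64 bits are defined. */
static void write_full64(uint32_t v) {
    return_slot = (uint64_t)v;
}

/* Consumer as described: reads the entire 64-bit slot. */
static uint64_t read_full64(void) {
    return return_slot;
}

/* What the consumer observes after a producer writes v over stale slot contents. */
uint64_t observed(uint64_t stale, uint32_t v, int full_width) {
    return_slot = stale;
    if (full_width)
        write_full64(v);
    else
        write_low32_only(v);
    return read_full64();
}

int main(void) {
    uint64_t stale = 0xDEADBEEF00000000ULL; /* constructed leftover stack contents */
    printf("32-bit write, 64-bit read: 0x%016llx\n",
           (unsigned long long)observed(stale, 7, 0));
    printf("64-bit write, 64-bit read: 0x%016llx\n",
           (unsigned long long)observed(stale, 7, 1));
    return 0;
}
```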
References
Reporter: Gary Kwong
Impact: high
Description: On arm64, a WASM br_table instruction with a lot of entries could lead to the label being too far from the instruction, causing truncation and incorrect computation of the branch address.
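The truncation class described above, as an added example (not Mozilla's code): a PC-relative offset packed into a fixed-width immediate without a range check decodes to a different address. The 19-bit word-scaled field and the table layout in `label_distance` are assumptions for illustration; the advisory does not name the instruction or field involved.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define IMM_BITS 19 /* assumed signed, word-scaled immediate width */
#define IMM_MASK ((1u << IMM_BITS) - 1)

/* Sign-extend the immediate field and scale it back to a byte offset. */
int64_t decode_offset(uint32_t field) {
    int64_t imm = field & IMM_MASK;
    if (imm & (1 << (IMM_BITS - 1)))
        imm -= (int64_t)1 << IMM_BITS;
    return imm * 4;
}

/* Unchecked encoder: silently keeps only the low IMM_BITS bits. */
uint32_t encode_unchecked(int64_t byte_offset) {
    return (uint32_t)(byte_offset / 4) & IMM_MASK;
}

/* Checked encoder: rejects misaligned or out-of-range offsets so the
 * caller can fall back to a longer branch sequence instead. */
bool encode_checked(int64_t byte_offset, uint32_t *field) {
    int64_t limit = ((int64_t)1 << (IMM_BITS - 1)) * 4; /* 1 MiB */
    if (byte_offset % 4 != 0 || byte_offset < -limit || byte_offset >= limit)
        return false;
    *field = encode_unchecked(byte_offset);
    return true;
}

/* Constructed layout: the label sits right after a table of 4-byte entries. */
int64_t label_distance(uint32_t entries) {
    return 4 + (int64_t)entries * 4;
}

int main(void) {
    uint32_t counts[] = {100, 300000}; /* constructed table sizes */
    for (int i = 0; i < 2; i++) {
        int64_t want = label_distance(counts[i]);
        uint32_t f;
        printf("entries=%u want=%lld unchecked=%lld checked=%s\n", counts[i],
               (long long)want, (long long)decode_offset(encode_unchecked(want)),
               encode_checked(want, &f) ? "ok" : "rejected");
    }
    return 0;
}
```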
References
Reporter: Shaheen Fazim
Impact: low
Description: The JavaScript engine did not handle closed generators correctly, and it was possible to resume them, leading to a null pointer dereference.
References
Reporter: the Mozilla Fuzzing Team
Impact: high
Description: Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References