HTTP/2 302
via: 1.1 google, 1.1 varnish, 1.1 varnish
referrer-policy: strict-origin-when-cross-origin
cross-origin-opener-policy: same-origin
x-backend-server: bedrock-6594f89b97-fq2vx.gcp-us-west1
server: granian
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
location: /en-US/security/advisories/mfsa2025-73
strict-transport-security: max-age=31536000
accept-ranges: bytes
age: 0
date: Wed, 01 Oct 2025 10:39:14 GMT
x-served-by: cache-bom-vanm7210066-BOM, cache-bom-vanm7210072-BOM
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1759315155.524619,VS0,VE325
vary: Accept-Language
content-length: 0
HTTP/2 301
via: 1.1 google, 1.1 varnish, 1.1 varnish
referrer-policy: strict-origin-when-cross-origin
cross-origin-opener-policy: same-origin
x-backend-server: bedrock-6594f89b97-8h2tr.gcp-us-west1
content-language: en-US
server: granian
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
location: /en-US/security/advisories/mfsa2025-73/
strict-transport-security: max-age=31536000
accept-ranges: bytes
age: 0
date: Wed, 01 Oct 2025 10:39:15 GMT
x-served-by: cache-bom-vanm7210067-BOM, cache-bom-vanm7210072-BOM
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1759315155.869683,VS0,VE347
content-length: 0
HTTP/2 200
referrer-policy: strict-origin-when-cross-origin
cross-origin-opener-policy: same-origin
via: 1.1 google, 1.1 varnish, 1.1 varnish
x-backend-server: bedrock-6594f89b97-wcx9p.gcp-us-west1
strict-transport-security: max-age=31536000
content-language: en-US
expires: Wed, 01 Oct 2025 10:49:15 GMT
etag: "1197ae50c6d8538f899a721688c18217"
x-frame-options: DENY
x-clacks-overhead: GNU Terry Pratchett
cache-control: max-age=600
server: granian
content-security-policy-report-only: style-src 'self' www.mozilla.org; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; object-src 'none'; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; frame-ancestors 'none'; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; base-uri 'none'; font-src 'self' www.mozilla.org; default-src 'self' *.mozilla.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; upgrade-insecure-requests
content-type: text/html; charset=utf-8
content-security-policy: style-src 'self' 'unsafe-inline' www.mozilla.org; media-src 'self' assets.mozilla.net videos.cdn.mozilla.net www.mozilla.org; object-src 'none'; img-src 'self' blog.mozilla.org data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com www.mozilla.org; frame-ancestors 'none'; form-action 'self' https://accounts.firefox.com/ https://basket.mozilla.org; base-uri 'none'; font-src 'self' www.mozilla.org; default-src 'self' *.mozilla.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' js.stripe.com s.ytimg.com tagmanager.google.com www.google-analytics.com www.googletagmanager.com www.mozilla.org www.youtube.com; connect-src 'self' https://accounts.firefox.com/ https://basket.mozilla.org o1069899.ingest.sentry.io o1069899.sentry.io region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.mozilla.org/submit/bedrock/; frame-src 'self' accounts.firefox.com js.stripe.com www.google-analytics.com www.googletagmanager.com www.youtube.com; upgrade-insecure-requests
x-content-type-options: nosniff
content-encoding: gzip
accept-ranges: bytes
date: Wed, 01 Oct 2025 10:39:15 GMT
age: 0
x-served-by: cache-bom-vanm7210026-BOM, cache-bom-vanm7210072-BOM
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1759315155.236728,VS0,VE372
vary: Accept-Encoding
content-length: 7910
Security Vulnerabilities fixed in Firefox 143 — Mozilla
Help us improve your Mozilla experience
In addition to Cookies necessary for this site to function, we’d like your permission to set some additional Cookies to better understand your browsing needs and improve your experience. Rest assured — we value your privacy.
Accept All Additional Cookies
Reject All Additional Cookies
Cookie settings
Mozilla Foundation Security Advisory 2025-73
Security Vulnerabilities fixed in Firefox 143
Announced
September 16, 2025
Impact
high Products
Firefox
Fixed in
Reporter
Oskar L
Impact
high
References
Reporter
Oskar L
Impact
high
References
Reporter
Daniel Holbert
Impact
moderate
References
Reporter
Hafiizh & Kang Ali
Impact
moderate
References
Reporter
Nikolaos Mourousias
Impact
moderate
References
Reporter
Gary Kwong
Impact
moderate
References
Reporter
Andrew Creskey
Impact
moderate
References
Reporter
Emma Zühlcke
Impact
low
References
Reporter
Rebeca Tudor
Impact
low
References
Reporter
Ibuki Sato
Impact
low
References
Reporter
Andrew McCreight and the Mozilla Fuzzing Team
Impact
high
Description
Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References
