Mozilla releases security updates for Firefox, Firefox ESR and Thunderbird for several vulnerabilities.

Good day everyone !

Mozilla has released security updates for Firefox 139.0, Firefox ESR 128.11.0 , 115.24.0 and Thunderbird 139.0 and 128.11.0. The details of the vulnerabilities fixed are as follows:

Platform	CVE ID	Vulnerability	Impact
Firefox 139	MFSA-TMP-2025-0001	Double-free in libvpx encoder	Critical
Firefox 139	CVE-2025-5263	Error handling for script execution was incorrectly isolated	Moderate
Firefox 139	CVE-2025-5264	Local code execution in “Copy as cURL” (newline char)	Moderate
Firefox 139 (Windows only)	CVE-2025-5265	Local code execution in “Copy as cURL” (ampersand char)	Moderate
Firefox 139	CVE-2025-5266	Script element events leaked cross-origin resource status	Moderate
Firefox 139	CVE-2025-5270	SNI was sometimes unencrypted	Low
Firefox 139	CVE-2025-5271	Devtools’ preview ignored CSP headers	Low
Firefox 139	CVE-2025-5267	Clickjacking could leak saved payment card details	Low
Firefox 139, Thunderbird 139, ESR 128.11	CVE-2025-5268	Memory safety bugs in previous versions, potentially exploitable	Moderate
Firefox 139, Thunderbird 139	CVE-2025-5272	Memory safety bugs, possibly exploitable	Moderate

To patch these vulnerabilities, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems.

PATCH ID	BULLETIN ID	PATCH DESCRIPTION
348327	TU-027	Mozilla Firefox (x64) (139.0)
348326	TU-027	Mozilla Firefox (139.0)
348329	TU-054	Mozilla Firefox ESR (128) (x64) (128.11.0)
348328	TU-054	Mozilla Firefox ESR (128) (128.11.0)
348331	TU-054	Mozilla Firefox ESR (115) (x64) (115.24.0)
348330	TU-054	Mozilla Firefox ESR (115) (115.24.0)
348333	TU-028	Mozilla Thunderbird (x64) (139.0)
348332	TU-028	Mozilla Thunderbird (139.0)
348335	TU-028	Mozilla Thunderbird 128 (x64) (128.11.0)
348334	TU-028	Mozilla Thunderbird 128 (128.11.0)