Firefox Zero-Days Exploited CVE-2025-4918 & CVE-2025-4919
Firefox Zero-Days Exploited at Pwn2Own Berlin – What Happened?
Mozilla has released urgent security updates addressing two critical zero-day vulnerabilities actively exploited in the wild, uncovered during the Pwn2Own Berlin 2025 security competition.
The affected vulnerabilities are:
- CVE-2025-4918: Out-of-bounds access vulnerability during Promise resolution in JavaScript.
- CVE-2025-4919: Out-of-bounds access vulnerability during linear sum optimization by the JavaScript JIT compiler.
Both flaws were demonstrated in successful exploit chains at Pwn2Own, which awarded researchers for their ability to trigger code execution through these bugs.
Technical Overview – CVE-2025-4918 and CVE-2025-4919
CVE-2025-4918
- Type: Out-of-bounds access
- Component: JavaScript engine (Promise resolution)
- Impact: Potential out-of-bounds read/write, leading to arbitrary code execution
- Attack Vector: Crafted web content can trigger the flaw when interacting with Promise objects
CVE-2025-4919
- Type: Out-of-bounds access
- Component: JIT Compiler
- Impact: Memory corruption during sum optimization, leading to arbitrary code execution
- Attack Vector: JavaScript execution in a browser context
Mozilla has confirmed both vulnerabilities are being exploited in the wild and released emergency patches for Firefox and Firefox ESR.
Affected Products and Versions
- All versions prior to Firefox 138.0.4 (including Firefox for Android)
- Firefox ESR prior to v128.10.1
- Firefox ESR prior to v115.23.1
Mitigation and Patch Guidance
Mozilla users are strongly advised to upgrade immediately to the latest patched versions:
- Firefox version 138.0.4
- Firefox ESR 128.10.1
- Firefox ESR 115.23.1
You can update Firefox by navigating to: Menu → Help → About Firefox → Update
For enterprises using endpoint management tools, verify update deployment across all Windows, macOS, and Linux endpoints.
Detection and Indicators of Compromise (IOCs)
While Mozilla has not published specific IOCs, organizations should monitor for:
Behavioral Indicators
- Unusual JavaScript execution patterns in browser logs
- Unexpected process spawns from firefox.exe or equivalent
- Surges in memory-related crash reports involving js::PromiseObject or JIT execution paths
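As an added example (not from the advisory or from Mozilla), the following Python implements two of the checks recommended above: deciding whether a reported Firefox version is at or above the fixed build for its channel (138.0.4, ESR 128.10.1, ESR 115.23.1), and flagging child processes of firefox.exe that fall outside an allowlist of expected children. The allowlist and the Sysmon-style records are constructed assumptions.

```python
from typing import Iterable

# Fixed builds named in the advisory; anything below these is affected.
FIXED_RELEASE = (138, 0, 4)
FIXED_ESR = {128: (128, 10, 1), 115: (115, 23, 1)}

def parse_version(text: str) -> tuple:
    """'128.10.1esr' or '138.0.4 (64-bit)' -> 3-tuple of ints, zero-padded."""
    token = text.split()[0].lower().replace("esr", "")
    parts = tuple(int(p) for p in token.split("."))
    return parts + (0,) * (3 - len(parts))

def is_patched(version: str) -> bool:
    """True when the installed build is at or above the fix for CVE-2025-4918/4919."""
    v = parse_version(version)
    fixed_esr = FIXED_ESR.get(v[0])
    if fixed_esr is not None:       # ESR 115 / ESR 128 have their own fixed builds
        return v >= fixed_esr
    return v >= FIXED_RELEASE       # every other branch must be >= 138.0.4

# Children firefox.exe normally spawns (constructed allowlist; tune to your fleet).
EXPECTED_CHILDREN = {"firefox.exe", "updater.exe", "pingsender.exe", "plugin-container.exe"}

def suspicious_children(events: Iterable[dict]) -> list:
    """Return process-creation records where firefox.exe spawned an unlisted child."""
    hits = []
    for e in events:
        parent = e.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
        child = e.get("Image", "").rsplit("\\", 1)[-1].lower()
        if parent == "firefox.exe" and child not in EXPECTED_CHILDREN:
            hits.append(e)
    return hits

# Constructed Sysmon Event ID 1 style records, not real telemetry.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},   # content process: normal
    {"ParentImage": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},                    # shell from browser: flag
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},                    # unrelated parent: ignore
]

if __name__ == "__main__":
    for v in ("138.0.3", "138.0.4", "128.10.0esr", "128.10.1esr", "127.0"):
        print(f"{v:>12}: {'patched' if is_patched(v) else 'VULNERABLE'}")
    for hit in suspicious_children(SAMPLE_EVENTS):
        print("suspicious child of firefox.exe:", hit["Image"])
```

Feed the version check with the inventory your endpoint management tool already reports, and the process check with Sysmon Event ID 1 exports; neither depends on the crafted "Promise" string searches below, which are easy to miss and noisy.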
SIEM Search Queries
Here are example queries for common SIEM platforms:
Elastic (KQL):
process.name: "firefox.exe" and process.command_line: "*Promise*"
Splunk:
index=windows sourcetype=Sysmon process_name=firefox.exe ("Promise" OR "jit")
Wazuh:
rule.level:5 AND data.win.system.provider_name: "Mozilla" AND (data.win.eventdata.param1:"Promise" OR "jit")
Microsoft Sentinel (KQL):
DeviceProcessEvents | where FileName == "firefox.exe" and ProcessCommandLine contains "Promise"
Recommended Actions
- Patch Firefox and Firefox ESR immediately
- Consider temporarily disabling JavaScript in sensitive environments
- Monitor SIEM logs for suspicious Firefox behavior
- Leverage browser isolation or containerization for high-risk users
- Enable EDR and application control to mitigate post-exploitation attempts
Strengthen Your Cybersecurity Posture
Given the remote code execution capabilities of these vulnerabilities and the increased focus of attackers on web browsers, it's imperative to ensure your systems are protected. Our Patch Management Services can assist in timely updates and continuous monitoring to safeguard your infrastructure against such threats. In addition, our 24/7/365 MXDR and proactive threat hunting can help identify indicators of compromise and suspicious activity quickly, allowing for rapid response to zero-day vulnerabilities.
Don't leave your systems exposed. Our expert team can help you patch vulnerabilities promptly and monitor for threats continuously. Learn more about our Patch Management Services.