Mozilla has officially launched Firefox 137 with crucial security fixes aimed at addressing several high-severity vulnerabilities reported by security researchers.
In Mozilla Foundation Security Advisory MFSA 2025-20, dated April 1, 2025, the foundation detailed three significant Common Vulnerabilities and Exposures (CVEs) that could have let attackers compromise users’ machines through various means, including memory corruption and use-after-free bugs.
These vulnerabilities highlighted risks that could allow attackers to execute arbitrary code, compromise sensitive data, or destabilize systems.
Users are strongly advised to update their browsers to Firefox 137 to ensure maximum protection.
Key Vulnerabilities Addressed
Mozilla patched the following vulnerabilities in this release:
| CVE ID | Description | Impacted Products | Severity |
| --- | --- | --- | --- |
| CVE-2025-3028 | Use-after-free triggered by XSLTProcessor while running JavaScript code during document transformation. | Firefox 136 | High |
| CVE-2025-3030 | Memory safety bugs in prior versions of Firefox, Thunderbird, and Firefox ESR. Some bugs showed evidence of memory corruption, potentially leading to arbitrary code execution. | Firefox 136, Thunderbird 136, Firefox ESR 128.8 | High |
| CVE-2025-3034 | Memory safety bugs in Firefox and Thunderbird. Exploitation could lead to arbitrary code execution due to memory corruption. | Firefox 136, Thunderbird 136 | High |
CVE-2025-3028: Use-After-Free Vulnerability
Reported by Ivan Fratric from Google Project Zero, this flaw involves the XSLTProcessor: JavaScript code that runs while a document is being transformed can trigger a use-after-free.
If exploited, this use-after-free vulnerability could allow attackers to execute malicious code by accessing freed memory.
CVE-2025-3030 & CVE-2025-3034: Memory Safety Bugs
Both CVE-2025-3030 and CVE-2025-3034 relate to memory safety bugs discovered by the Mozilla Fuzzing Team, among others.
These bugs, found in Firefox, Firefox ESR, and Thunderbird, demonstrated evidence of memory corruption. Mozilla presumes that given enough effort, attackers could exploit these vulnerabilities to inject and run malicious code.
Update Recommendations
Mozilla’s swift response to these shortcomings shows their unwavering commitment to security. Users are urged to update to Firefox 137 immediately. To ensure you’re protected:
- Visit the official Firefox website or access the browser’s built-in update feature.
- Thunderbird users should also update to Thunderbird 137 or Thunderbird ESR 128.9 to mitigate risks.
By staying up to date, users can enjoy secure browsing and protect their systems from potential cyberattacks.
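For administrators checking many machines against the versions above, the following added example (not Mozilla's code and not part of the original article) classifies `--version` style strings as patched or vulnerable, handling the ESR case where 128.9 is patched although it is numerically below 137. The host names and inventory lines are constructed, the `esr` suffix in ESR version strings is assumed, and Firefox ESR 128.9 as the first fixed ESR build is an assumption, since the article only lists Firefox ESR 128.8 as affected.

```python
import re

# First fixed versions. Firefox 137, Thunderbird 137 and Thunderbird ESR 128.9
# come from the article; Firefox ESR 128.9 is an assumption (the article only
# lists Firefox ESR 128.8 as affected).
FIXED = {
    ("firefox", "release"): (137, 0),
    ("firefox", "esr"): (128, 9),
    ("thunderbird", "release"): (137, 0),
    ("thunderbird", "esr"): (128, 9),
}

# Product name, major[.minor[.patch...]], optional "esr" suffix. The trailing
# lookahead rejects pre-release strings such as "137.0b3" so they are sent for
# manual review instead of being counted as patched.
VERSION_RE = re.compile(
    r"(?i)\b(firefox|thunderbird)\s+(\d+)(?:\.(\d+))?(?:\.\d+)*(esr)?(?![\w.])"
)


def classify(version_line):
    """Return (product, channel, status) for one '--version' style line."""
    m = VERSION_RE.search(version_line)
    if not m:
        return (None, None, "unparsed")
    product = m.group(1).lower()
    major, minor = int(m.group(2)), int(m.group(3) or 0)
    # ESR builds are compared against the ESR fix line, not against 137.
    channel = "esr" if m.group(4) else "release"
    fixed = FIXED[(product, channel)]
    status = "patched" if (major, minor) >= fixed else "vulnerable"
    return (product, channel, status)


def audit(inventory):
    """Map host -> status for 'host<TAB>version line' records."""
    findings = {}
    for record in inventory.strip().splitlines():
        host, _, line = record.partition("\t")
        findings[host] = classify(line)[2]
    return findings


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = """\
ws-01\tMozilla Firefox 136.0.4
ws-02\tMozilla Firefox 137.0
ws-03\tMozilla Firefox 128.8.0esr
ws-04\tMozilla Firefox 128.9.0esr
mail-01\tMozilla Thunderbird 136.0
mail-02\tMozilla Thunderbird 128.9.0esr
lab-01\tMozilla Firefox 137.0b3
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unparsed` need a manual look; the script does not guess at pre-release or unrecognized builds.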