CERT-In Warns Mozilla Users To Update Immediately As Major Security Flaws Found

Patches for high-severity vulnerabilities recently released for Firefox, Firefox ESR, and Thunderbird email client software Mozilla recently released software and patches for the email client Thunderbird, Firefox, and Firefox Extended Support Release (ESR). Now, the Mozilla software patches for the Thunderbird email client and Firefox programs are also issued for Indian users. These vulnerabilities present hackers with an opportunity to run unwanted code, compromise systems, or steal data if running outdated software is present on an affected system.

Multiple Mozilla Products Affected

The bugs impact Mozilla Firefox 144, Firefox ESR 140.4 and Thunderbird 144 among all past releases. CERT-In Vulnerability Note CIVN-2025-0273 released on 18th October, classifies the bug as high severity and recommends it be fixed by both individuals and organisations asap.

ALSO READ: OpenAI Tightens Controls On Sora After Backlash Over Celebrity Deepfakes

These vulnerabilities range from use-after-free, memory corruption, out-of-bounds read/write/execute and various other issues such as API abuse by web extensions and cross-process data leaks. Other issues at risk are not properly XRAY’ing browser object properties and security vulnerabilities in Firefox and Thunderbird mobile versions that might reveal private user data.

Why It Matters

The exploitable potential of such vulnerabilities encompasses code execution, remote control of a machine, and unauthorised access to confidential data. Users are advised to do so without delay or else face the consequences of phishing, unauthorised data access, and illicit data removal.

ALSO READ: WhatsApp Testing Message Limits To Curb Spam And Unwanted Chats

Patches Now Available

Mozilla now offers updates to address this problem for its users, who should upgrade to the latest version for optimal results:

- Firefox 144 (MFSA 2025-81)

- Firefox ESR 115.29 (MFSA 2025-82)

- Firefox ESR 140.4 (MFSA 2025-83)

- Thunderbird 140.4 (MFSA 2025-85)

- Thunderbird 144 (MFSA 2025-84)

Mozilla users can visit the security advisory page or use their apps' Help - About menu to update themselves automatically. CERT-In also advised applying these patches as soon as possible and keep an eye on further advisories to stay safe.