Browsers are targets for malware, and Firefox isn't the only browser to discover zero-day exploits in recent days. Earlier this month, Google released an emergency patch for Chrome to address a high-severity vulnerability (CVE-2025-4664) that permitted full account takeover—CISA later confirmed that this flaw was being actively exploited in attacks. (If you're using Chrome, you should consider other privacy-focused browser alternatives anyway.)
CVE-2025-4918 was discovered by Edouard Bochin and Tao Yan from Palo Alto Networks, while CVE-2025-4919 was reported by Manfred Paul—each won $50,000 for their hacks.
Firefox before 138.0.4
Firefox ESR before 115.23.1
While Mozilla was quick to address these flaws, the company notes that neither broke out of Firefox's "sandbox," which would be required in order to take control of a target's machine. That's a good sign for Firefox's overall security, as attackers at previous Pwn2Own competitions successfully broke out of the sandbox. Still, Mozilla recommends all users install the new patches as soon as possible.
How to update Firefox to the latest version
About Firefox. Click the Restart to Update Firefox button if it appears.
Read More Details
Finally We wish PressBee provided you with enough information of ( Mozilla Just Patched Two Firefox Zero-Days Discovered at a Hacking Contest )
Also on site :