Firefox 135.0.1 Released: High-Severity Security Vulnerabilities Fixed

Mozilla has released Firefox 135.0.1 to protect users from potential Remote Code Execution (RCE) attacks. This update addresses a critical security vulnerability (CVE-2025-1414) that could have compromised systems and exposed user data.

This vulnerability is classified as CWE-119 (Memory Corruption) and occurred due to improper boundary checks during HTML content processing. Attackers could craft malicious websites to exploit memory corruption and execute arbitrary code on unpatched systems. The memory-related flaws in Firefox 135.0 posed a significant risk of full system compromise, earning a CVSS v4.0 rating of 6.1 (High).

Mozilla engineer Andrew McCreight, who discovered the issue, noted that it stemmed from flaws in Firefox’s handling of JavaScript and DOM events. These errors allowed attackers to bypass browser sandboxing mechanisms, steal user sessions, deploy malware, and move laterally within corporate networks.

In addition to patching CVE-2025-1414, this update resolves the following functional issues:

• Menu responsiveness issues: Some websites experienced problems with mouse event handling, which have now been fixed.
• Anchor tag scrolling errors: Fixed incorrect scroll positioning when navigating via anchor tags.
• Session restoration failures: Resolved an issue that prevented users from restoring closed windows and tabs after upgrading.

Mozilla has also improved security for users with custom search engines, addressing crashes caused by oversized icon files. While these fixes are less critical than security patches, they contribute to overall browser stability and security.

Security Recommendations

• Update your browser: Go to Menu > Help > About Firefox to check for updates, or download the latest version from Mozilla’s official website.
• Enable automatic updates: Ensure you receive critical security patches as soon as they are released.
• Secure corporate networks: Deploy updates immediately on systems handling sensitive data and restrict access to untrusted websites.
• Use network segmentation: Prevent attackers from moving laterally in case of a breach.
• Recommendations for developers: Apply fuzz testing and static analysis to detect memory-related vulnerabilities before deployment.

Firefox 135.0.1 demonstrates Mozilla’s ongoing commitment to browser security. Users and organizations should install this update immediately to protect their systems from potential exploits.

Additional Security Measures

• Protect user data: Use strong passwords and enable two-factor authentication (2FA).
• Implement cybersecurity tools: Utilize antivirus solutions and network security applications for added protection.
• Stay informed: Keep up with the latest cybersecurity news and updates to respond promptly to emerging threats.

By following these measures, you can significantly enhance the security of your browser and entire system.