Firefox 140 Patches Critical Code Execution Flaws

Mozilla has released Firefox 140, addressing a collection of critical security vulnerabilities that include a high-severity code execution flaw. Firefox 140 patches critical issues such as CVE-2025-6424, a use-after-free bug in the FontFaceSet component, which could allow attackers to execute arbitrary code on targeted systems.

The update resolves 12 security flaws, including CVE-2025-6436, a group of memory safety bugs identified through internal testing. These vulnerabilities impacted both Firefox and Thunderbird 139 and showed signs of memory corruption. Firefox 140 patches critical flaws across desktop and mobile platforms, including exploits specific to macOS and Android.

Additional fixes include a UUID exposure issue in the WebCompat extension, a macOS warning dialog bypass, and Android vulnerabilities tied to URL handling and external application prompts. Mozilla also addressed multiple Content Security Policy bypasses that could enable cross-site scripting.

Users and administrators should update immediately to reduce exposure to these threats.

Firefox 140 Released With Fix for Code Execution Vulnerability – Update Now