Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards
Mozilla has recently released critical updates for its Firefox browser to address two zero-day vulnerabilities, CVE-2025-4918 and CVE-2025-4919, discovered during the Pwn2Own Berlin hacking contest. The flaws, which could allow attackers to perform out-of-bounds operations and potentially execute malicious code, affect all Firefox versions prior to 138.0.4, as well as certain Extended Support Release versions. The vulnerabilities relate to JavaScript Promise object resolution and array index size optimization, and were demonstrated by researchers who each earned $50,000 for their findings. Mozilla's swift response highlights the importance of prompt security updates. Users are strongly encouraged to update Firefox immediately to protect against potential exploitation of these critical vulnerabilities.