FOCUS MODE
EXTRACT IOC
Threat Research

Firefox 135, New Translation Languages and Security Updates

iocOne
Firefox 135, New Translation Languages and Security Updates
A recent security update for Mozilla Firefox includes new features and enhancements aimed at improving user experience and security. Highlights include new language translation support, better protection against unwanted browser history tracking, and wider access to AI chatbot features. The update also addresses several security vulnerabilities, with specific fixes to prevent potential exploits. Affected: Firefox, Mozilla, AI Chatbot, Internet Security

Keypoints :

  • Mozilla Firefox received a security and new features update.
  • Support for translations in Korean, Japanese, Chinese, and Russian was added.
  • New features include enhanced protection against browser history misuse.
  • AI chatbot access is expanded to all users.
  • A new tab layout refresh has been rolled out.
  • The built-in translation function operates locally without sending data to remote servers.
  • Multiple security vulnerabilities were addressed in this update.
  • Firefox’s certificate transparency policy was updated to enhance security.
  • Memory safety bugs were fixed across various versions of Firefox and Thunderbird.

MITRE Techniques :

  • Use-After-Free (CVE-2025-1009): An attacker could exploit crafted XSLT data, potentially leading to a crash.
  • Use-After-Free (CVE-2025-1010): Issues in the Custom Highlight API allowing for potentially exploitable crashes.
  • Exploitation of Fullscreen Notification Malfunction (CVE-2025-1018): Quick re-requesting of fullscreen could lead to spoofing attacks.
  • Crashes due to WebAssembly Code Generation Bugs (CVE-2025-1011): Potential for attackers to achieve code execution via WebAssembly bugs.
  • Race Condition leading to Use-After-Free during Concurrent Delazification (CVE-2025-1012).
  • Potential Spoofing Attack through Manipulation of the Z-Order of Browser Windows (CVE-2025-1019).
  • Privacy Leak through Race Condition Opening Private Tabs in Normal Windows (CVE-2025-1013).
  • Certificate Length Validation Not Properly Checked (CVE-2025-1014).
  • Memory Safety Bugs resolved in various versions affecting arbitrary code execution (CVE-2025-1016, CVE-2025-1017, CVE-2025-1020).

Indicator of Compromise :

  • [CVE] CVE-2025-1009
  • [CVE] CVE-2025-1010
  • [CVE] CVE-2025-1011
  • [CVE] CVE-2025-1012
  • [CVE] CVE-2025-1013

Full Story: http://wezard4u.tistory.com/429400

Tags: SPOOFING, LEAK, CVE, EXPLOIT, BROWSER, WINDOWS