Main Vulnerability Database Vulnerabilities #VU116992

#VU116992 Information disclosure in Mozilla products - CVE-2025-11710

Published: October 14, 2025

Vulnerability identifier: #VU116992

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-11710

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Firefox ESR
Mozilla Firefox
Firefox for Android

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A compromised web process using malicious IPC messages can cause the privileged browser process to reveal blocks of its memory to the compromised process.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2025-82/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-83/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-81/
https://bugzilla.mozilla.org/show_bug.cgi?id=1989899

#VU116992 Information disclosure in Mozilla products - CVE-2025-11710

Description

Remediation

External links

Please verify you're human