Permissions, Privileges, and Access Controls in Mozilla products - CVE-2025-11711
Published: October 14, 2025
Vulnerability identifier: #VU116993
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-11711
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
Firefox ESR
Mozilla Firefox
Firefox for Android
Firefox ESR
Mozilla Firefox
Firefox for Android
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to application does not properly impose security restrictions, which allows an malicious web application to modify JavaScript Object properties that were supposed to be non-writable. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
How to mitigate CVE-2025-11711
Install updates from vendor's website.