#VU116993 Permissions, Privileges, and Access Controls in Mozilla products - CVE-2025-11711
Published: October 14, 2025
Vulnerability identifier: #VU116993
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-11711
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Firefox ESR
Mozilla Firefox
Firefox for Android
Firefox ESR
Mozilla Firefox
Firefox for Android
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to application does not properly impose security restrictions, which allows an malicious web application to modify JavaScript Object properties that were supposed to be non-writable. A remote attacker can trick the victim into visiting a specially crafted website and execute arbitrary code on the system.
Remediation
Install updates from vendor's website.