Mozilla Foundation Security Advisory 2025-47

Security Vulnerabilities fixed in Firefox 139.0.4

Announced

June 10, 2025

Impact

high

Products

Firefox

Fixed in

Firefox 139.0.4

#CVE-2025-49709: Memory corruption in canvas surfaces

Reporter: Yannis Juglaret and Steven Michaud
Impact: high

Description

Certain canvas operations could have lead to memory corruption.

References

Bug 1966083

#CVE-2025-49710: Integer overflow in OrderedHashTable

Reporter: Shaheen Fazim
Impact: high

Description

An integer overflow was present in OrderedHashTable used by the JavaScript engine

References

Bug 1970095

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising

Mozilla Builders

Mozilla New Products

Mozilla Foundation Security Advisory 2025-47

Security Vulnerabilities fixed in Firefox 139.0.4

#CVE-2025-49709: Memory corruption in canvas surfaces

Description

References

#CVE-2025-49710: Integer overflow in OrderedHashTable

Description

References