Analysis Summary

CVE-2025-11721 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2025-11715 CVSS:8.8

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

CVE-2025-11713 CVSS:8.1

Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by insufficient escaping in the “Copy as cURL” feature. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.

Impact

• Code Execution
• Denial of Service

Indicators of Compromise

CVE

• CVE-2025-11721

• CVE-2025-11715

• CVE-2025-11713

Affected Vendors

Affected Products

• Mozilla Firefox 143

Remediation

Refer to Mozilla Foundation Security Advisory for patch, upgrade or suggested workaround information.

CVE-2025-11721

CVE-2025-11715

CVE-2025-11713