New Firefox Warning—Emergency Update Fixes Two Exploited Flaws
Emergency security updates are coming thick and fast, with Apple recently fixing two flaws being used in attacks and Google issuing critical patches for its Chrome browser.
Now, popular Chrome alternative, Mozilla's Firefox has issued an emergency fix for two security vulnerabilities already used in real-life attacks.
Firefox's owner Mozilla doesn't provide much detail about what's patched in its recent updates, for Firefox 138.0.4 Firefox Extended Support Release (ESR) 128.10.1 and Firefox ESR 115.23.1.
But the two Firefox flaws were demonstrated in real life at the hacker conference Pwn2Own in Berlin. The Pwn2Own security competition has so far seen a number of impressive hacks including a successful compromise of Windows 11 — which was hacked three times in one day — and a VMware zero-day exploit, covered by my colleague Davey Winder.
The first Firefox issue is a critical out-of-bounds access flaw in Firefox's JavaScript engine tracked as CVE-2025-4918 reported by Edouard Bochin and Tao Yan from Palo Alto Networks working with Trend Micro's Zero Day Initiative. 'An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object,' Mozilla wrote in an advisory.
Tracked as CVE-2025-4919, the second Firefox vulnerability involves out-of-bounds access when optimizing linear sums. Also marked as having a critical impact, its discovery is credited to Manfred Paul working with Trend Micro's Zero Day Initiative. 'An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes,' Firefox said.
The two Firefox issues are certainly serious, with each of the researchers awarded $50,000 at the Pwn2Own hackathon for their discovery. Both issues require little to no user interaction, with attackers able to execute code by tricking people into visiting malicious websites, so it makes sense to update as soon as you can.
This is especially important given that the information is already out there, meaning that the flaws could easily be exploited in additional attacks.
The update can be found via 'Help' on the Firefox Menu then selecting 'About Firefox.'
If you are using an Apple Mac device select 'About Firefox' from the Firefox menu.
So what are you waiting for? Update Firefox now to keep your browser safe.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Gizmodo
7 hours ago
- Gizmodo
This Wireless Solar 360° Outdoor Camera Costs Peanuts, Amazon Is Clearing Stock Before Prime Day
This is the best outdoor camera on the market, offering stunning 3K resolution and a solar charging system. If you've been thinking about boosting your home security before summer vacation, now is the perfect time to act. Amazon is offering the eufy Security SoloCam S340 which is a wireless solar-powered outdoor camera at its lowest price ever—just $159, down 20% from its usual $199. This all-time low price is a great excuse to lock up your house before flying off on vacation. See at Amazon Best Outdoor Solar Camera The eufy SoloCam S340 offers great features and ease of use: One of its greatest strengths is the solar panel that comes integrated so you do not need to worry about replacing batteries or stringing up wires. The camera charges itself once installed as it harnesses sunlight so you can really set and forget. This is also useful during the summer when you're likely to be away for more extended periods: Your camera will keep working, keeping your property under surveillance without any further effort from you. Quality is yet another area where the SoloCam S340 delivers. The camera shoots at ultra-crisp 3K resolution so that you can see every detail inside and outside your home, both during the day and at night. Regardless of whether you must check on who is at the front door, guard the backyard, or see your driveway, the 360° pan and tilt feature of the camera assures there is no blind spot. You can adjust the camera from your phone and pivot its point in any direction, allowing it to be easy to oversee each region of your home remotely. The 8× zoom enables you to get a close-up glimpse of anything unusual, and two-camera functionality enables you to see wide angles and close-up at the same time. The one feature that makes this camera stand out from the rest is its smart AI tracking: The SoloCam S340 uses artificial intelligence to automatically track people or cars moving across your lawn. That is, you don't get static video, you get smart monitoring that focuses on what matters most and alerts you if anything unusual happens. Even when using AI tracking or dual-view mode, you still get crisp 2K video quality which is much more than adequate to capture faces and license plates with clearness. Installation is fast and simple, thanks to the camera's compact and wire-free design: It only takes a few minutes to install without tools or technical knowledge. Flexible mounting points mean you can position it wherever you like—on a wall, under an eave, or on a fence post. And with solar power, you don't have to search for an outlet or deal with unsightly wiring. For a mere $159 on Amazon, it's a bargain you won't regret. See offer
Wall Street Journal
7 hours ago
- Wall Street Journal
Semiconductor Subsidies? Tried and Failed
I was the CEO of Cypress Semiconductor, a chip company founded in 1982 that peaked in 2018 at $2.8 billion in revenue and 5,846 employees. In 2020 German chip maker Infineon acquired us for $10 billion. In 1987, the Semiconductor Industry Association decided that our industry needed to get on what I call welfare. The association lobbied Washington to fund a consortium called Sematech, grant it exemptions from antitrust laws, and fund a silicon-wafer fabrication plant. This was needed, the association said, because Japanese companies were about to wipe out the American semiconductor industry. As a chip company CEO, I never worried about getting wiped out, but I worried daily about rival memory chips from Hitachi, Toshiba, Mitsubishi and Fujitsu. That healthy competition made our company stronger, and in 2015 Cypress acquired Fujitsu's microcontroller team.
Motor Trend
11 hours ago
- Motor Trend
2025 Mercedes-Benz EQE500 4Matic Sedan First Test: Minor Updates, Mixed Results?
Pros Ultra-quiet cabin Super smooth ride Rear-steer nimbleness Cons EPA range decreases Soap bar styling Mediocre peak charging rate Mercedes-Benz set a high bar with the latest incarnation of the E-Class sedan and wagon, so much so that we named the redesigned model our 2025 Car of the Year. Now it's time to check on the award-winning luxury car's all-electric-powered counterpart, the 2025 Mercedes-Benz EQE-Class Sedan, which receives a smattering of slight changes for the new model year. 0:00 / 0:00 Chiefly, Mercedes equipped the midsize EQE with a bigger battery pack and recalibrated its braking software. To see how the latest updates have shaken out, we put this 2025 Mercedes-Benz EQE500 4Matic in Alpine Grey over Sable Brown and Black Nappa leather through our testing regimen. Improvements: Verified but Not Perfect In keeping with Mercedes-Benz's ethos for its non-AMG EVs, the 2025 EQE500 4Matic is quick without feeling overly aggressive when you punch the accelerator. But with 402 hp and 633 lb-ft of torque available from its dual-motor all-wheel-drive powertrain, there's plenty of juice on tap when you want to get going quickly. The sprint from 0 to 60 mph takes 4.0 seconds, an exercise that thrills at launch before settling into a smooth and linear pull to highway speeds. Wheeling the EQE500 4Matic around town is a pleasant, relaxing affair. Light, precise steering lends the driver a sense of confidence when navigating a curvy freeway ramp or making delicate maneuvers in a parking lot. That feeling is further amplified by a standard rear-axle steering setup, which helps the midsize sedan pivot with the poise of a compact. Equipped with electronically controlled air springs, the EQE500 exhibits a silky ride quality that takes the strain out of the daily commute. Despite a more aggressive 21-inch wheel and tire package, few road imperfections impinge on the EQE's comfortable character. The only time you're reminded of the large rims wrapped in thin rubber is when you hit a significant bump and the resulting shock rocks the cabin. Otherwise, the EQE500 4Matic's overall ride is as elegant and quiet as you'd expect from a Mercedes at this price point. While it's mostly good news from a ride and handling standpoint, the retune of the EQE's braking software is something of a mixed bag. Enable one-pedal driving and tap the left steering-wheel paddle for the most aggressive regenerative braking setting, and the EQE slows itself predictably and consistently, though you may find yourself using the actual brake pedal to finish the stop yourself. The biggest change is that the pedal doesn't move on its own anymore during regenerative braking, so it's always in the default position when you need it. There's now also more pedal feel than prior iterations of the EQE Sedan, especially at the top of travel. Beyond that point, it's something of a guessing game as to how much stopping power the EQE500 will apply. Fortunately, the Mercedes stays straight and level during panic stops. Braking from 60 to 0 mph matches that of the EQE500's AMG sibling; both models need a mere 105 feet to come to a halt—a hugely impressive number given its 5,520-pound curb weight. While the 2025 Mercedes-Benz EQE500 4Matic makes no pretensions of being a sport sedan, you may be tempted to toggle on Sport mode, toggle off traction control, and send it on a twisty road. If you do, its tires provide impressive grip, and the rear steer reins in understeer so long as you keep your hands steady. Underscoring its performance potential, the EQE500 4Matic managed an impressive 24.9-second lap around our one-third mile figure-eight test track before its grip started to go away. That's better than the dual-motor Genesis G80 Electric's result of 25.3 seconds and the dual-motor BMW i5 M60 xDrive's lap time of 25.2 seconds without the Dynamic Handling package. The EQE500's balanced approach to driving compares favorably to our gas-powered, Car of the Year–winning E-Class, a car that wowed us with its mastery of core competencies. When it comes to on-road performance, it's about as close as it gets between the two. Both models excel in real-world driving scenarios thanks to crisp, low-effort steering and ample power. And although the mild hybrid E-Class scores better in the overall brake feel department, the EQE counters that with its ability to come to a full stop as it regenerates battery power. Charging and Range Still in Need of Improvement But as composed and impressive as the updated 2025 EQE500 4Matic has shown itself to be on the road and on the track, its charging and range shortcomings remain an issue. While its new battery pack is bigger, with 96 kWh of capacity, peak charging still caps out at an unimpressive 170 kW. What's more, we only saw a peak of 162 kW in our charging test at an average of 121 kW from 5 to 80 percent over 38 minutes. You can add 98 miles of range in 15 minutes, a result that falls short of the likes of other larger electric cars we've tested from BMW, Lucid, and Porsche. Charge at home, as we suspect many EQE-Class drivers will have the option to do, and those weaknesses are unlikely to be nearly as much of an issue. Range also dips despite the updates. With an EPA combined rating of 266 miles (down from 298 miles for the 2024 model), the EQE500 has some limitations as a long-haul conveyance. On the plus side, the EQE500 4Matic performed well in our Road-Trip Range test, which evaluates how far you can drive at a steady 70 mph from 100 percent to 5 percent charge. In our testing we recorded 264 miles, which is just 1 percent off its official rating—a result that should help soothe any range anxiety concerns. Life Inside the EQE-Class Another soothing aspect of the EQE500 is its well-appointed, comfortable cabin. Unlike the entry-level EQE350+ and EQE350 4Matic variants, this upper-level sedan comes standard with Mercedes-Benz's Hyperscreen, a trio of displays housed under a single pane of glass. The user interface's sprawling menus and applications continue to be refined, and among its more useful and novel features are improved voice commands, wireless Apple CarPlay and Android Auto, and fingerprint user profiles. Some areas still need more polish, however, namely the camera feeds. Although they're displayed at a high resolution, the 360-degree overhead and other 3D views show an artificially generous boundary around the car to provide a buffer zone. Additionally, the crop of the backup camera is too narrow to depict exactly where the rear of the Mercedes will go when you're in reverse. You won't curb a wheel, but these imprecisions make it tough to know exactly how close the EQE is in relation to other cars and obstacles in tight spots. One area that apparently did get some needed polish was an issue we've previously reported with Mercedes-Benz EQ models where otherwise high-quality-looking plastics could flex easily and squeak when pressure was applied. Thankfully, this seems to have been remedied as part of the EQE's 2025 model year update Otherwise, our decked-out test car coddled us with heated and ventilated massaging seats, a heated steering wheel, wireless charging, and a rich-sounding Burmester audio setup with 15 speakers. Standard 64-color ambient lighting allows the cabin's atmosphere to be configured to the driver's taste. We'd also be remiss if we didn't call out this particular model's headrest pillows, which are super soft and supportive. Passengers benefit from an upscale second row with generous legroom. The trunk is somewhat oddly shaped, but there's plenty of space for groceries or luggage. Highway driving assistance features perform well and make few errors while the Digital Light package equips active headlights with curve adaptive functionality and puddle lighting to illuminate the road with alerts for other motorists. From a practical standpoint, the EQE's overall utility outshines any of its minor foibles. An Electric E-Class? While the 2025 Mercedes-Benz EQE makes a better attempt than ever at delivering the same well-rounded excellence that made the E-Class a Car of the Year winner, its average efficiency, charging, and camera tech conspire to hold it back a notch. And although its improved braking is a plus, Mercedes' engineers still have work to do before the stoppers deserve genuine praise. Then there's the matter of the EQE's Apple Mouse/soap bar exterior styling, which for many is an acquired taste at best and a turnoff at worst. Prices begin at $87,050 and climb to $101,070 for a vehicle equipped in the same way as our test model shown here. That's a steep ask for any midsize luxury EV, especially when considering competitively priced flagship models such as the Lucid Air, Tesla Model S, and Porsche Taycan. Still, the 2025 Mercedes-Benz EQE500 4Matic is as quiet and comfortable as you'd hope a vehicle wearing the Three-Pointed Star would be. Taken as a whole, the EQE should meet the requirements of those in search of a luxurious, all-electric-powered daily driver that feels spacious without the oversized exterior dimensions.
