CVE-2025-11711 | THREATINT

Description

There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability affects Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4.

PUBLISHED Reserved 2025-10-13 | Published 2025-10-14 | Updated 2025-11-03 | Assigner mozilla

Product status

Any version before 144

affected

Any version before 115.29

affected

Any version before 140.4

affected

Any version before 144

affected

Any version before 140.4

affected

Credits

EntryHi

References

lists.debian.org/debian-lts-announce/2025/10/msg00031.html

lists.debian.org/debian-lts-announce/2025/10/msg00015.html

bugzilla.mozilla.org/show_bug.cgi?id=1989978

www.mozilla.org/security/advisories/mfsa2025-81/

www.mozilla.org/security/advisories/mfsa2025-82/

www.mozilla.org/security/advisories/mfsa2025-83/

www.mozilla.org/security/advisories/mfsa2025-84/

www.mozilla.org/security/advisories/mfsa2025-85/

cve.org (CVE-2025-11711)

nvd.nist.gov (CVE-2025-11711)

Download JSON