CVE-2025-11711
Some non-writable Object properties could be modified
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.
| Vendor | mozilla |
| Product | firefox |
| Ecosystems | |
| Industries | Technology |
| Published | Oct 14, 2025 |
| Last Updated | Apr 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for mozilla firefox
Be the first to know when new medium vulnerabilities affecting mozilla firefox are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Mozilla / Firefox
All versions affected Mozilla / Thunderbird
All versions affected References
bugzilla.mozilla.org: https://bugzilla.mozilla.org/show_bug.cgi?id=1989978 mozilla.org: https://www.mozilla.org/security/advisories/mfsa2025-81/ mozilla.org: https://www.mozilla.org/security/advisories/mfsa2025-82/ mozilla.org: https://www.mozilla.org/security/advisories/mfsa2025-83/ mozilla.org: https://www.mozilla.org/security/advisories/mfsa2025-84/ mozilla.org: https://www.mozilla.org/security/advisories/mfsa2025-85/ lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/10/msg00031.html lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/10/msg00015.html
Credits
EntryHi