CVE-2025-11711: 
NixOS vulnerability analysis and mitigation

CVE-2025-11711 is a high-impact security vulnerability discovered in Mozilla products that allows modification of JavaScript Object properties that were supposed to be non-writeable. The vulnerability was disclosed on October 14, 2025, affecting multiple Mozilla products including Firefox < 144, Firefox ESR < 115.29, Firefox ESR < 140.4, Thunderbird < 144, and Thunderbird < 140.4 (Mozilla Advisory).

The vulnerability is characterized by a security flaw that enables unauthorized modification of JavaScript Object properties that were designed to be non-writeable. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, indicating network accessibility, low attack complexity, no privileges required, and user interaction required (NVD).

The vulnerability has been rated as high impact by Mozilla. When exploited, it allows attackers to modify JavaScript Object properties that should be immutable, potentially compromising the integrity of web applications and leading to unauthorized modifications of critical object properties (Mozilla Advisory).

Mozilla has addressed this vulnerability in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. Users are advised to update their installations to these or later versions to mitigate the risk (Mozilla Advisory).