CVE-2025-6424: 
Mozilla Firefox vulnerability analysis and mitigation

CVE-2025-6424 is a high-impact security vulnerability discovered in Mozilla Firefox that affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12. The vulnerability was disclosed on June 24, 2025, and was identified by LJP and HexRabbit from the DEVCORE Research Team (Mozilla Advisory).

The vulnerability is classified as a use-after-free (CWE-416) vulnerability in the FontFaceSet component of Firefox. According to the CVSS 3.1 scoring, it received a Critical severity rating of 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating the highest level of severity (NVD).

The vulnerability results in a potentially exploitable crash that could lead to arbitrary code execution. Given the CVSS score and impact rating, successful exploitation could allow attackers to gain complete control over the affected system with high confidentiality, integrity, and availability impacts (Mozilla Advisory).

Mozilla has addressed this vulnerability in Firefox 140, Firefox ESR 115.25, and Firefox ESR 128.12. Users are strongly advised to update to these versions or later to mitigate the risk (Mozilla Advisory, Mozilla ESR Advisory).