CVE-2025-11711: Vulnerability in Mozilla Firefox
There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.
AI Analysis
Technical Summary
CVE-2025-11711 is a security vulnerability in Mozilla Firefox where some JavaScript Object properties marked as non-writeable could be altered. This behavior violates expected JavaScript property immutability and could potentially be leveraged to alter application logic or security controls. The vulnerability was fixed in Firefox 144 and corresponding ESR and Thunderbird versions. The CVSS 3.1 vector indicates the vulnerability is remotely exploitable over the network without privileges, requires user interaction, and impacts integrity but not confidentiality or availability.
Potential Impact
The vulnerability allows an attacker to modify JavaScript Object properties that should be immutable, potentially leading to integrity violations within the browser environment. While it does not directly impact confidentiality or availability, the ability to change non-writeable properties could facilitate further attacks or bypass security mechanisms. No known exploits in the wild have been reported.
Mitigation Recommendations
A fix for this vulnerability is available and has been incorporated in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. Users and administrators should update to these versions or later to remediate the vulnerability. No additional mitigation actions are required beyond applying the official update.
CVE-2025-11711: Vulnerability in Mozilla Firefox
Description
There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable. This vulnerability was fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-11711 is a security vulnerability in Mozilla Firefox where some JavaScript Object properties marked as non-writeable could be altered. This behavior violates expected JavaScript property immutability and could potentially be leveraged to alter application logic or security controls. The vulnerability was fixed in Firefox 144 and corresponding ESR and Thunderbird versions. The CVSS 3.1 vector indicates the vulnerability is remotely exploitable over the network without privileges, requires user interaction, and impacts integrity but not confidentiality or availability.
Potential Impact
The vulnerability allows an attacker to modify JavaScript Object properties that should be immutable, potentially leading to integrity violations within the browser environment. While it does not directly impact confidentiality or availability, the ability to change non-writeable properties could facilitate further attacks or bypass security mechanisms. No known exploits in the wild have been reported.
Mitigation Recommendations
A fix for this vulnerability is available and has been incorporated in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4. Users and administrators should update to these versions or later to remediate the vulnerability. No additional mitigation actions are required beyond applying the official update.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- mozilla
- Date Reserved
- 2025-10-13T19:50:05.343Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 68ee47cf509368ccaa6fc8ab
Added to database: 10/14/2025, 12:53:35 PM
Last enriched: 4/14/2026, 11:35:29 AM
Last updated: 5/10/2026, 7:18:37 AM
Views: 107
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.