All Products Community Forum

I would like to know how the Firefox CVEs are affected on its version which are mentioned in NVD.

Let take mfsa2025-59, for example CVE-2025-8040, as per the NVD its says Firefox ESR < 140.1 is affected so does that mean it affect all the version which are lower than 140.1 which included the ESR 128 and ESR 115 versions or just the ESR 140 version series? then it raise on more question check this cve-2025-8029 in NVD it has specifically mentioned it only affect "Firefox ESR < 128.13, Firefox ESR < 140.1" and not the ESR 115 versions. Could anyone confirm it does not affect the ESR 115 versions or it affect all the versions? Now check this one cve-2025-8027, NVD clearly mentioned "Firefox ESR < 115.26, Firefox ESR < 128.13, Firefox ESR < 140.1" are affected so what I understand is that if the Firefox ESR 115 is vulnerable to any CVE it would be mentioned in the NVD specifically.

My point is that if any Firefox CVEs are listed in NVD and it specify only one version like “Firefox ESR < 140.1” what does that mean? Does it affect all the versions which include ESR 128 and ESR 115 or just the ESR 140 series version only affected? If any CVEs are affected on the ESR 115 and ESR 128 does Mozilla specifically mentioned those versions are affected right? Just like its mentioned in the cve-2025-8027

Any help would be appreciated to clarify this.

My phone has been hacked by someone from the Middle East I have a bogus email is hacked my it has my passwords from Firefox I don't know what else to do but I need help in recovering this and getting this person out of my life

When I attempt to add a Gmail account, I get this error - "Unable to login at server. Probably wrong configuration, username, or password"

Below are the steps with screenshots: - checked for no cookies to prevent Google from asking for an actual login - no stored google passwords - didn't put in my password on setup - TB finds the available configuration - prompted to login at google - add google password - allow access - error message

I have restarted Thunderbird. I have checked for updates (even though I have it on auto-update).

Are there settings on my Google or Gmail account that could prevent this from working?

Firefox had been a safe haven for anti-AI, and used to be my go-to search engine. If this AI bullshit continues, no one will respect or use the browser. Stop implementing AI garbage that steals data

Hello. I know how to define a server certificate exception to avoid browser warnings in case of certificate issue with a website (see attachment). However, I'd like to apply that exception for all users with access to my machine using a GPO (for user or local machine). This is also a requirement in my work where many users run Firefox from a server and the face browser warnings all the time (related to self-signed certificates) so it would be great to apply an exception for all users through a GPO specifying the self-signed certificate warning we want Firefox to ignore. Thanks.

GNU nano 8.6 /etc/firefox/policies.json {

 "policies": {
   "DisableFirefoxStudies": true,
   "DisableTelemetry": true,
   "DisableSystemAddonUpdate": true

   "Preferences": {
     "app.normandy.enabled": false,
     "app.shield.optoutstudies.enabled": false,
     "extensions.autoDisableScopes": 15
    }
  }
} Hidden modifications to settings and extensions is absolutely not OK!!!!!!

This is a security environment.

I am working on a stig for Mozilla Firefox and I'm trying to do a scap compliance scan but or some reason I am getting a score of zero on all systems. We do patch regularly and at some point one of the version upgrades caused our compliance scans stopped working. I need a fix and cannot find anything when searching for this issue.

I am logged on to my Credit Union and attempt to download my statements. When using Firefox I get the message: {"Errors":["Authorization has been denied for this request."]}

When I contacted my CU, they said to add an URL to the Manage Exceptions. This worked, but I want to know why Firefox needs this but Chrome doesn't.

Hello,

I process phishing URL's,

I have recently come across URL's that make use of a BLOB: syntax on the URL:

blob:https://bolig.botik.dk/16c8c011-0fa5-4ba0-a10f-ed7675055cc6

You can see an example of the Phishing URL in this PhishTank entry:

https://phishtank.com/phish_detail.php?phish_id=9118779

That URL then re-directs to the above "BLOB" URL.

My understanding is that it is "locally" generating the phishing website, similar to an old fashioned about: syntax, however it's not clear what the significance of bolig.botik.dk URL is - loading that URL without the BLOB: prefix causes an error

Can someone explain:

1) What is the BLOB: syntax, and 2) what would be reported to have the phishing URL removed in the above example?

For some time now I have not been able to access any website secured with Captcha verification. My browser doesn't recognize that I'm a human and keeps going back to square one. Importantly: this problem does not occur in other browsers. However, I would prefer to stay with Mozilla, so it will be nice if something can be done with it. I didn't change any settings, I didn't change hardware, I didn't reinstall Mozilla, so that's not the problem. I've looked through my security settings and don't see anything that would help in this case. Especially since these are websites that I had previously accessed and logged in without any problems.

Hi, Thanks for your reply to my tutamail account. I’m really not tech savvy at all so not really understanding what to do. I’ve never used an extension. I know that I have things in my iPhone settings set up for as much privacy as possible. Are you talking about settings on my iPhone or settings in your app.? What exactly should I do in my iPhone settings and/or your browser settings? Will wait to hear back. Much appreciated. Linda

I genuinely don’t know where else to post this so it gets seen. I have been a devout user of Firefox for years. I love this browser. I love its dedication to privacy and functionality. I love how it has kept true to its concept and customers in the face of tech crazes like NFTs and AI integrations. I am such a hardcore proseletyzer of Firefox that I started paying for Mozilla VPN to support Firefox!!

So when I see that the new CEO, Anthony Enzor-DeMeo, is “doubling down” on AI integrations for Firefox, I AM LIVID. AI is NOT private. AI is NOT secure. And AI is TERRIBLE FOR THE ENVIRONMENT.

AI causes slower speed and longer load times. I have seen this in all my job’s internet workings (they insist on using browsers with AI integrations) and have felt a quiet relief that I get to come home to my good, simple browser.

AI is not private. It tracks and stores data in order to give suggestions “better for you”. And with the right prompts, anyone can pull that data.

Y’all really all read that one story of AI deleting the company’s ENTIRE DATABASE AND COMPUTER PROGRAMMING because it “panicked” and decided “ah yes, this is the techware we want to hand over all our customers to”??

I am so deeply disappointed by Mozilla’s betrayal of its customer base.

If Mozilla moves forward with AI integrations, I will pull out of using Firefox and I will stop giving Mozilla my money. Mozilla should not have hired a CEO who goes so adamantly against everything Mozilla as a company stands for.

And to the CEO Anthony: I hope you step in something wet in only your socks, every single day, until you either come to your senses or someone better replaces you as CEO of Mozilla.

I am constantly getting messages in quick messages to clear my search history! This is supposed to happen automatically when i close the site and in fact sais it has been cleared. I cant ever find the last sites i visited but it is rather disturbing to think that someone is seeing my search history without my authorization! So tell me squarely ,why do i keep getting that disturbing message?

Hello community,

i would like to ask about how to deploy security.pki.certificate_transparency.disable_for_hosts globally for users? With version 135 a lot of production webapps stopped working and as of now , we have to do manual modification in about:config. Our company has over 300k users , so the possible disruption might arise very quickly and there will be significant loses in production enviroment.

Is there a way how to deploy this specific setting via GPO/SCCM ?

Thank you

Today, using Firefox--or at least what i think is Firefox--i checed session history while logged into my mega.nz account. It lists 2 instances, one of which is for 3 days prior when I originally set up the Mega account using the Mega app, and the other is for yesterday when I entered the account using the FF browser--or, again, what i think is the FF browser. What's curious is that it shows i was using the Chrome browser, and that I'm apparently still using this browser as it's listed as the "Current" session. How can this be? While I have the Chrome app on my phone, I disabled it long ago and have never used it, and most certainly did not use it during the time and activities in question. I have long speculated that I have been hacked and that my phone is sometimes (always?) controlled by this hacker, though no solid proof. Assuming the hacker uses Chrome, could this be reflecting their using the Chrome browser, as opposed to the FF browser, which I'm currently using (or think im using)? In other words, is this the proof of a hack? Or is this a glitch within Mega, mistakingly listing Chrome as my browser?

To whoever this new CEO is of firefox,

Stop with the AI garbage. Please.

AI is a notorious waste of space in software and all it does is bog down the experience and make everything harder for everyone. Also it is notorious for collecting information and violating users privacy like the lab rats you apparently take us for.

Stop it.

I loved Firefox because I could use it comfortably without all of this stupid AI crap making my life harder. I've already hacked my browser to make sure this doesn't appear but I'm not satisfied. To any other firefox tech reading this get that Anthony guy out of here. We don't want him, and we don't want AI.

Thank you.

Focus is not ready for prime time. It's close. When connecting with apps where user interaction is required, Focus removes access names, and passwords, and reverts back to the sign in page. This makes for access denial. Have to remove Focus.