23-08-2025 09:00 AM - edited 23-08-2025 09:14 AM
As of the time of this writing (Unix epoch 1755962780), there is a high-impact bug not fixed in Firefox ESR 140.2 or ESR 128.14 even though it's been fixed in Firefox 142. (Edit: fixed typo that said Firefox 140.2.)
If you compare these three sites:
https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-66/
https://www.mozilla.org/en-US/security/advisories/mfsa2025-67/
You'll see neither ESR page mentions CVE-2025-9197 as described in both https://nvd.nist.gov/vuln/detail/CVE-2025-9187 and https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/#CVE-2025-9187. The reference link in the Mozilla page goes to a page that says "Zarro Books found" and the NIST page tagged the Bugzilla link as a "Broken Link".
Am I missing/misunderstanding something? Or have they not patched this bug yet?
23-08-2025 03:42 PM
CVE-2025-9197 does not exist!