Action not permitted
Modal body text goes here.
Modal Title
Modal Body
alsa-2025:8608
Vulnerability from osv_almalinux
Published
2025-06-05 00:00
Modified
2025-06-16 12:37
Summary
Important: thunderbird security update
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
- firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)
- firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)
- firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details (CVE-2025-5267)
- firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)
- firefox: thunderbird: Memory safety bugs (CVE-2025-5268)
- firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)
- firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content (CVE-2025-5263)
- firefox: thunderbird: Memory safety bug (CVE-2025-5269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "thunderbird"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "128.11.0-1.el10_0.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Thunderbird is a standalone mail and newsgroup client. \n\nSecurity Fix(es): \n\n * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918)\n * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919)\n * firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details (CVE-2025-5267)\n * firefox: thunderbird: Potential local code execution in ?Copy as cURL? command (CVE-2025-5264)\n * firefox: thunderbird: Memory safety bugs (CVE-2025-5268)\n * firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266)\n * firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content (CVE-2025-5263)\n * firefox: thunderbird: Memory safety bug (CVE-2025-5269)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:8608",
"modified": "2025-06-16T12:37:33Z",
"published": "2025-06-05T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:8608"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-4918"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-4919"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-5263"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-5264"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-5266"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-5267"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-5268"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-5269"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2367016"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2367018"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2368750"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2368751"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2368752"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2368755"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2368756"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2368757"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2025-8608.html"
}
],
"related": [
"CVE-2025-4918",
"CVE-2025-4919",
"CVE-2025-5267",
"CVE-2025-5264",
"CVE-2025-5268",
"CVE-2025-5266",
"CVE-2025-5263",
"CVE-2025-5269"
],
"summary": "Important: thunderbird security update"
}
CVE-2025-5263 (GCVE-0-2025-5263)
Vulnerability from cvelistv5 – Published: 2025-05-27 12:29 – Updated: 2025-11-03 20:05
VLAI?
EPSS
Title
Error handling for script execution was incorrectly isolated from web content
Summary
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Severity ?
4.3 (Medium)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 139
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
terjanq
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-5263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T15:20:12.961207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T15:30:54.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:05:56.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "139",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "115.24",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "139",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "terjanq"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox \u003c 139, Firefox ESR \u003c 115.24, Firefox ESR \u003c 128.11, Thunderbird \u003c 139, and Thunderbird \u003c 128.11."
}
],
"value": "Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox \u003c 139, Firefox ESR \u003c 115.24, Firefox ESR \u003c 128.11, Thunderbird \u003c 139, and Thunderbird \u003c 128.11."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:01:39.936Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1960745"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-43/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/"
}
],
"title": "Error handling for script execution was incorrectly isolated from web content"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-5263",
"datePublished": "2025-05-27T12:29:22.686Z",
"dateReserved": "2025-05-27T12:29:22.271Z",
"dateUpdated": "2025-11-03T20:05:56.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5264 (GCVE-0-2025-5264)
Vulnerability from cvelistv5 – Published: 2025-05-27 12:29 – Updated: 2026-02-26 18:27
VLAI?
EPSS
Title
Potential local code execution in “Copy as cURL” command
Summary
Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This vulnerability affects Firefox < 139, Firefox ESR < 115.24, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Severity ?
4.8 (Medium)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 139
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Ameen Basha M K
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-5264",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T03:55:59.370030Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:27:56.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:05:59.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "139",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "115.24",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "139",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ameen Basha M K"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to insufficient escaping of the newline character in the \u201cCopy as cURL\u201d feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user\u0027s system. This vulnerability affects Firefox \u003c 139, Firefox ESR \u003c 115.24, Firefox ESR \u003c 128.11, Thunderbird \u003c 139, and Thunderbird \u003c 128.11."
}
],
"value": "Due to insufficient escaping of the newline character in the \u201cCopy as cURL\u201d feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user\u0027s system. This vulnerability affects Firefox \u003c 139, Firefox ESR \u003c 115.24, Firefox ESR \u003c 128.11, Thunderbird \u003c 139, and Thunderbird \u003c 128.11."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:01:43.951Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1950001"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-43/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/"
}
],
"title": "Potential local code execution in \u201cCopy as cURL\u201d command"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-5264",
"datePublished": "2025-05-27T12:29:23.513Z",
"dateReserved": "2025-05-27T12:29:23.106Z",
"dateUpdated": "2026-02-26T18:27:56.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5266 (GCVE-0-2025-5266)
Vulnerability from cvelistv5 – Published: 2025-05-27 12:29 – Updated: 2025-11-03 20:06
VLAI?
EPSS
Title
Script element events leaked cross-origin resource status
Summary
Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Severity ?
4.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 139
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Jakub Szymsza
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-5266",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-23T14:44:04.447377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T14:44:14.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:06:04.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "139",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "139",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jakub Szymsza"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox \u003c 139, Firefox ESR \u003c 128.11, Thunderbird \u003c 139, and Thunderbird \u003c 128.11."
}
],
"value": "Script elements loading cross-origin resources generated load and error events which leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox \u003c 139, Firefox ESR \u003c 128.11, Thunderbird \u003c 139, and Thunderbird \u003c 128.11."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:11:11.598Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1965628"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/"
}
],
"title": "Script element events leaked cross-origin resource status"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-5266",
"datePublished": "2025-05-27T12:29:25.084Z",
"dateReserved": "2025-05-27T12:29:24.726Z",
"dateUpdated": "2025-11-03T20:06:04.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5267 (GCVE-0-2025-5267)
Vulnerability from cvelistv5 – Published: 2025-05-27 12:29 – Updated: 2025-11-03 20:06
VLAI?
EPSS
Title
Clickjacking vulnerability could have led to leaking saved payment card details
Summary
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Severity ?
5.4 (Medium)
CWE
- CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 139
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
Ameen Basha M K
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-5267",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T17:44:29.781576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1021",
"description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T17:45:24.804Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:06:07.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "139",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "139",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ameen Basha M K"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox \u003c 139, Firefox ESR \u003c 128.11, Thunderbird \u003c 139, and Thunderbird \u003c 128.11."
}
],
"value": "A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox \u003c 139, Firefox ESR \u003c 128.11, Thunderbird \u003c 139, and Thunderbird \u003c 128.11."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:11:13.631Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1954137"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/"
}
],
"title": "Clickjacking vulnerability could have led to leaking saved payment card details"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-5267",
"datePublished": "2025-05-27T12:29:25.942Z",
"dateReserved": "2025-05-27T12:29:25.508Z",
"dateUpdated": "2025-11-03T20:06:07.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5268 (GCVE-0-2025-5268)
Vulnerability from cvelistv5 – Published: 2025-05-27 12:29 – Updated: 2026-02-26 18:27
VLAI?
EPSS
Title
Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11
Summary
Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 139, Firefox ESR < 128.11, Thunderbird < 139, and Thunderbird < 128.11.
Severity ?
8.1 (High)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 139
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
Credits
the Mozilla Fuzzing Team, Masayuki Nakano
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-5268",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T03:55:56.627233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:27:55.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:06:09.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "139",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "139",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "the Mozilla Fuzzing Team, Masayuki Nakano"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 139, Firefox ESR \u003c 128.11, Thunderbird \u003c 139, and Thunderbird \u003c 128.11."
}
],
"value": "Memory safety bugs present in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 139, Firefox ESR \u003c 128.11, Thunderbird \u003c 139, and Thunderbird \u003c 128.11."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:11:16.656Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1950136%2C1958121%2C1960499%2C1962634"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-42/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-45/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/"
}
],
"title": "Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-5268",
"datePublished": "2025-05-27T12:29:26.941Z",
"dateReserved": "2025-05-27T12:29:26.556Z",
"dateUpdated": "2026-02-26T18:27:55.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5269 (GCVE-0-2025-5269)
Vulnerability from cvelistv5 – Published: 2025-05-27 12:29 – Updated: 2025-11-03 20:06
VLAI?
EPSS
Title
Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11
Summary
Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.11 and Thunderbird < 128.11.
Severity ?
8.1 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 128.11
(custom)
|
|||||||
|
|||||||||
Credits
Randell Jesup
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-5269",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T17:41:18.340090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T14:34:30.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:06:12.724Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00043.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Randell Jesup"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 128.11 and Thunderbird \u003c 128.11."
}
],
"value": "Memory safety bug present in Firefox ESR 128.10, and Thunderbird 128.10. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 128.11 and Thunderbird \u003c 128.11."
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T16:11:18.928Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1924108"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-44/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-46/"
}
],
"title": "Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11"
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-5269",
"datePublished": "2025-05-27T12:29:27.780Z",
"dateReserved": "2025-05-27T12:29:27.413Z",
"dateUpdated": "2025-11-03T20:06:12.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4919 (GCVE-0-2025-4919)
Vulnerability from cvelistv5 – Published: 2025-05-17 21:07 – Updated: 2026-02-26 18:28
VLAI?
EPSS
Summary
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
Severity ?
8.8 (High)
CWE
- Out-of-bounds access when optimizing linear sums
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 138.0.4
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Manfred Paul working with Trend Micro's Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-4919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T03:55:18.550351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:06.157Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:05:22.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "138.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.10.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "115.23.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "138.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Manfred Paul working with Trend Micro\u0027s Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox \u003c 138.0.4, Firefox ESR \u003c 128.10.1, Firefox ESR \u003c 115.23.1, Thunderbird \u003c 128.10.2, and Thunderbird \u003c 138.0.2."
}
],
"value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox \u003c 138.0.4, Firefox ESR \u003c 128.10.1, Firefox ESR \u003c 115.23.1, Thunderbird \u003c 128.10.2, and Thunderbird \u003c 138.0.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds access when optimizing linear sums",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T13:05:18.619Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966614"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-36/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-37/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-38/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-40/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-41/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-4919",
"datePublished": "2025-05-17T21:07:27.734Z",
"dateReserved": "2025-05-17T19:40:53.416Z",
"dateUpdated": "2026-02-26T18:28:06.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4918 (GCVE-0-2025-4918)
Vulnerability from cvelistv5 – Published: 2025-05-17 21:07 – Updated: 2026-02-26 18:28
VLAI?
EPSS
Summary
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
Severity ?
9.8 (Critical)
CWE
- Out-of-bounds access when resolving Promise objects
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 138.0.4
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Edouard Bochin and Tao Yan from Palo Alto Networks working with Trend Micro's Zero Day Initiative
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-4918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T03:55:17.219008Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:06.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:05:17.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-4918-detect-firefox-out-of-bounds-write"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-4918-mitigate-firefox-out-of-bounds-write"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "138.0.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.10.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "115.23.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "128.10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "138.0.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Edouard Bochin and Tao Yan from Palo Alto Networks working with Trend Micro\u0027s Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox \u003c 138.0.4, Firefox ESR \u003c 128.10.1, Firefox ESR \u003c 115.23.1, Thunderbird \u003c 128.10.2, and Thunderbird \u003c 138.0.2."
}
],
"value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox \u003c 138.0.4, Firefox ESR \u003c 128.10.1, Firefox ESR \u003c 115.23.1, Thunderbird \u003c 128.10.2, and Thunderbird \u003c 138.0.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds access when resolving Promise objects",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T13:05:17.184Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966612"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-36/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-37/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-38/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-40/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2025-41/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2025-4918",
"datePublished": "2025-05-17T21:07:26.745Z",
"dateReserved": "2025-05-17T19:40:51.300Z",
"dateUpdated": "2026-02-26T18:28:06.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…