CVE-2025-4919
EUVD-2025-1559817.05.2025, 22:15
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 < 115.23.1 |
| mozilla | firefox | 𝑥 < 138.0.4 |
| mozilla | firefox | 116.0 ≤ 𝑥 < 128.10.1 |
| mozilla | thunderbird | 𝑥 < 128.10.2 |
| mozilla | thunderbird | 138.0 ≤ 𝑥 < 138.0.2 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||
| thunderbird |
| ||||||||||||||
| mozjs38 |
| ||||||||||||||
| mozjs52 |
| ||||||||||||||
| mozjs68 |
| ||||||||||||||
| mozjs78 |
| ||||||||||||||
| mozjs91 |
| ||||||||||||||
| mozjs102 |
| ||||||||||||||
| mozjs115 |
|
Common Weakness Enumeration
References