CVE-2025-4919

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
17/05/2025
Last modified:
28/05/2025

Description

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* 115.23.1 (excluding)
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* 138.0.4 (excluding)
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* 116.0 (including) 128.10.1 (excluding)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* 128.10.2 (excluding)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:* 138.0 (including) 138.0.2 (excluding)