INFSA-2025:8125: firefox security update
Information about definition
Identificator: INFSA-2025:8125
Type: security
Release date: 2025-07-15 19:43:05 UTC
Information about package
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Vulnerabilities description
- CVE-2025-4918
An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
- CVE-2025-4919
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-4918
|
no information | 8.8 | no information |
|
NIST — CVE-2025-4919
|
no information | 8.8 | no information |
Updated packages