{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4082", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-04-29T13:13:34.532Z", "datePublished": "2025-04-29T13:13:35.242Z", "dateUpdated": "2026-04-13T14:27:15.646Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "115.23", "lessThanOrEqual": "115.*", "versionType": "rpm"}, {"status": "unaffected", "version": "128.10", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "138", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.10", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "138", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.\n*This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.<br>*This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10."}]}], "title": "WebGL shader attribute memory corruption in Thunderbird for macOS", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1937097"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-30/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/"}], "credits": [{"lang": "en", "value": "un3xploitable & GF"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:27:15.646Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-4082", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-30T03:56:28.910532Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T18:27:56.291Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00022.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:58:47.529Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00022.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:58:47.529Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-4082", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-30T03:56:28.910532Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-02T15:31:41.284Z"}}], "cna": {"title": "WebGL shader attribute memory corruption in Thunderbird for macOS", "credits": [{"lang": "en", "value": "un3xploitable & GF"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "115.23", "versionType": "rpm", "lessThanOrEqual": "115.*"}, {"status": "unaffected", "version": "128.10", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "138", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.10", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "138", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1937097"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-30/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/"}], "descriptions": [{"lang": "en", "value": "Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.\n*This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.", "supportingMedia": [{"type": "text/html", "value": "Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.<br>*This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:27:15.646Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4082", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:27:15.646Z", "dateReserved": "2025-04-29T13:13:34.532Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-04-29T13:13:35.242Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "C120A37E-1333-4278-9527-4F370BC78EA8", "versionEndExcluding": "115.23", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "EB8A8C7B-B65D-4DF5-BDB5-0C3C4E2DB72C", "versionEndExcluding": "138.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "78457AB7-7F72-41FA-99F5-EE6D2B2AC9F9", "versionEndExcluding": "128.10", "versionStartIncluding": "128.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "matchCriteriaId": "DC19822B-CC07-4C6F-BAAD-C7A9C4E73FA9", "versionEndExcluding": "128.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "D1E8CCF1-4E91-44CC-A652-B23D1337A485", "versionEndExcluding": "138.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.\n*This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10."}, {"lang": "es", "value": "La modificaci\u00f3n de atributos espec\u00edficos de sombreadores WebGL podr\u00eda desencadenar una lectura fuera de los l\u00edmites, que, al combinarse con otras vulnerabilidades, podr\u00eda utilizarse para escalar privilegios. *Este error solo afecta a Firefox para macOS. Otras versiones de Firefox no se ven afectadas.* Esta vulnerabilidad afecta a Firefox &lt; 138, Firefox ESR &lt; 128.10, Firefox ESR &lt; 115.23, Thunderbird &lt; 138 y Thunderbird ESR &lt; 128.10."}], "id": "CVE-2025-4082", "lastModified": "2026-04-13T15:16:59.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-04-29T14:15:34.913", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1937097"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-28/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-29/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-30/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-31/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-32/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00022.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "firefox: thunderbird: WebGL shader attribute memory corruption in Firefox for macOS", "id": "2362903", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362903"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.\n*This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS. Other versions of Firefox are unaffected."], "name": "CVE-2025-4082", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-29T13:13:35Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4082\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4082\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1937097\nhttps://www.mozilla.org/security/advisories/mfsa2025-28/\nhttps://www.mozilla.org/security/advisories/mfsa2025-29/\nhttps://www.mozilla.org/security/advisories/mfsa2025-30/\nhttps://www.mozilla.org/security/advisories/mfsa2025-31/\nhttps://www.mozilla.org/security/advisories/mfsa2025-32/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-20T18:13:32.604457+00:00", "value": {"mitigation_remediation": ["Install Thunderbird 138 or later on macOS to include the memory\u2011corruption fix.", "As a temporary defense, disable WebGL by setting layers.accelerate.disabled to true in Thunderbird\u2019s about:config file.", "Keep macOS and all related software up to date, and watch for further advisories that might impact Thunderbird\u2019s WebGL handling."], "summary": {"action": "Patch", "impact": "Privilege Escalation via out-of-bounds read"}, "threat_synthesis": {"affected_systems": "Only Thunderbird for macOS is affected. The bug was fixed in Thunderbird 138 and 128.10, meaning any earlier installation on macOS may have the vulnerability. The issue does not exist in other Thunderbird releases or in Firefox across platforms.", "description_and_impact": "An out-of-bounds read occurs when a malicious user modifies specific WebGL shader attributes. The read can expose sensitive data and, when combined with other bugs, can be used to raise the privileges of the process. The weakness falls under CWE-125, which describes buffer read errors.", "risk_and_exploitability": "The CVSS score of 5.9 indicates a moderate severity. The EPSS score of less than 1% shows the exploit likelihood is very low, and the vulnerability is not listed in CISA\u2019s KEV catalog. The attack is likely local or remotely triggered via a malicious email containing crafted WebGL content; however, this is inferred from the description, as the vector is not explicitly stated."}}}}, "created": "2026-04-20T18:15:13.622573+00:00", "updated": "2026-04-20T18:15:13.622584+00:00", "vendors": []}