{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4087", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-04-29T13:13:41.617Z", "datePublished": "2025-04-29T13:13:42.302Z", "dateUpdated": "2026-04-13T14:27:21.172Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.10", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "138", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.10", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "138", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10."}]}], "title": "Unsafe attribute access during XPath parsing", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952465"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/"}], "credits": [{"lang": "en", "value": "Ivan Fratric"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:27:21.172Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-29T15:51:33.871165Z", "id": "CVE-2025-4087", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-23T14:54:08.076Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:58:51.757Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:58:51.757Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-4087", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-29T15:51:33.871165Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-29T15:52:15.821Z"}}], "cna": {"title": "Unsafe attribute access during XPath parsing", "credits": [{"lang": "en", "value": "Ivan Fratric"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "128.10", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "138", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.10", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "138", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952465"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-28/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-29/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-31/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-32/"}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10.", "supportingMedia": [{"type": "text/html", "value": "A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:27:21.172Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4087", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:27:21.172Z", "dateReserved": "2025-04-29T13:13:41.617Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-04-29T13:13:42.302Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "3378E5EE-9ABF-444B-AA88-9EAF8D8058DE", "versionEndExcluding": "128.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "EB8A8C7B-B65D-4DF5-BDB5-0C3C4E2DB72C", "versionEndExcluding": "138.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*", "matchCriteriaId": "DC19822B-CC07-4C6F-BAAD-C7A9C4E73FA9", "versionEndExcluding": "128.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "D1E8CCF1-4E91-44CC-A652-B23D1337A485", "versionEndExcluding": "138.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10."}, {"lang": "es", "value": "Se identific\u00f3 una vulnerabilidad en Firefox donde el an\u00e1lisis de XPath pod\u00eda generar un comportamiento indefinido debido a la omisi\u00f3n de comprobaciones nulas durante el acceso a atributos. Esto podr\u00eda provocar accesos de lectura fuera de los l\u00edmites y, potencialmente, corrupci\u00f3n de memoria. Esta vulnerabilidad afecta a Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138 y Thunderbird ESR < 128.10."}], "id": "CVE-2025-4087", "lastModified": "2026-04-13T15:17:00.210", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-04-29T14:15:35.357", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1952465"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-28/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-29/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-31/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-32/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:7506", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "firefox-0:128.10.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:7507", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "thunderbird-0:128.10.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:4751", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.10.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:4458", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.10.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:4797", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.10.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-05-12T00:00:00Z"}, {"advisory": "RHSA-2025:7547", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:128.10.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7693", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.10.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7545", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7691", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7545", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "firefox-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7691", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "thunderbird-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7545", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "firefox-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7691", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "thunderbird-0:128.10.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7544", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7690", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7544", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7690", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7544", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7690", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.10.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:7543", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "firefox-0:128.10.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-05-14T00:00:00Z"}, {"advisory": "RHSA-2025:7689", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "thunderbird-0:128.10.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:4443", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.10.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:4460", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.10.0-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-05T00:00:00Z"}, {"advisory": "RHSA-2025:7428", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.10.0-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:4753", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:128.10.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:7692", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.10.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:4752", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:128.10.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:7694", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "thunderbird-0:128.10.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-05-15T00:00:00Z"}, {"advisory": "RHSA-2025:4756", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "firefox-0:128.10.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-05-08T00:00:00Z"}, {"advisory": "RHSA-2025:7695", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.10.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-05-15T00:00:00Z"}], "bugzilla": {"description": "firefox: thunderbird: Unsafe attribute access during XPath parsing", "id": "2362904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2362904"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.", "A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption."], "name": "CVE-2025-4087", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "firefox-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "thunderbird-flatpak-container", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-29T13:13:42Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4087\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4087\nhttps://bugzilla.mozilla.org/show_bug.cgi?id=1952465\nhttps://www.mozilla.org/security/advisories/mfsa2025-28/\nhttps://www.mozilla.org/security/advisories/mfsa2025-29/\nhttps://www.mozilla.org/security/advisories/mfsa2025-31/\nhttps://www.mozilla.org/security/advisories/mfsa2025-32/"], "statement": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-20T17:14:02.150522+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version\u202f138 or the ESR 128.10 release to obtain the fixed XPath parsing code.", "Upgrade Thunderbird to version\u202f138 or the ESR 128.10 release to remove the vulnerability.", "If an upgrade is not immediately possible, restrict the processing of external XML input or remove XPath support until a patched version is available."], "summary": {"action": "Apply Patch", "impact": "Out-of-bounds read may lead to memory corruption, potentially affecting integrity and availability."}, "threat_synthesis": {"affected_systems": "Mozilla\u2019s Firefox browser and Thunderbird mail client are affected, specifically all versions prior to Firefox\u202f138, Firefox\u202fESR\u202f128.10, Thunderbird\u202f138, and Thunderbird\u202f128.10. The defect is limited to the XPath parsing component within these products.", "description_and_impact": "The vulnerability allows an attacker to trigger undefined behavior during XPath parsing by accessing attributes without proper null checks, resulting in an out-of-bounds read. This can lead to memory corruption, which in turn may compromise the integrity of the process and could weaken availability depending on the context of the parsed document.", "risk_and_exploitability": "The CVSS score of 4.8 indicates moderate severity, while an EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Based on the nature of the flaw, the likely attack vector involves delivering a malicious XML document that is parsed by the affected software, either locally or potentially over a network if the application processes external XML content."}}}}, "created": "2026-04-20T17:15:12.552419+00:00", "updated": "2026-04-20T17:15:12.552437+00:00", "vendors": []}