{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4918", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-05-17T19:40:51.300Z", "datePublished": "2025-05-17T21:07:26.745Z", "dateUpdated": "2026-04-13T14:25:54.968Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "115.23.1", "lessThanOrEqual": "115.*", "versionType": "rpm"}, {"status": "unaffected", "version": "128.10.1", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "138.0.4", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.10.2", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "138.0.2", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2."}]}], "title": "Out-of-bounds access when resolving Promise objects", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966612"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-36/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-37/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-38/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-40/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-41/"}], "credits": [{"lang": "en", "value": "Edouard Bochin and Tao Yan from Palo Alto Networks working with Trend Micro's Zero Day Initiative"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:25:54.968Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-4918", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-20T03:55:17.219008Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T18:28:06.529Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://www.vicarius.io/vsociety/posts/cve-2025-4918-detect-firefox-out-of-bounds-write"}, {"url": "https://www.vicarius.io/vsociety/posts/cve-2025-4918-mitigate-firefox-out-of-bounds-write"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:05:17.591Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.vicarius.io/vsociety/posts/cve-2025-4918-detect-firefox-out-of-bounds-write"}, {"url": "https://www.vicarius.io/vsociety/posts/cve-2025-4918-mitigate-firefox-out-of-bounds-write"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:05:17.591Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-4918", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-20T03:55:17.219008Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T20:09:59.882Z"}}], "cna": {"title": "Out-of-bounds access when resolving Promise objects", "credits": [{"lang": "en", "value": "Edouard Bochin and Tao Yan from Palo Alto Networks working with Trend Micro's Zero Day Initiative"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "115.23.1", "versionType": "rpm", "lessThanOrEqual": "115.*"}, {"status": "unaffected", "version": "128.10.1", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "138.0.4", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.10.2", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "138.0.2", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966612"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-36/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-37/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-38/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-40/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-41/"}], "descriptions": [{"lang": "en", "value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.", "supportingMedia": [{"type": "text/html", "value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:25:54.968Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4918", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:25:54.968Z", "dateReserved": "2025-05-17T19:40:51.300Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-05-17T21:07:26.745Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "BD156D89-BD24-483A-A355-1B45A0A2E66F", "versionEndExcluding": "115.23.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "83AE9635-80D1-49DD-B7A5-8E4E235B1C87", "versionEndExcluding": "138.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "7F2F0DE1-8619-4C18-83B0-46E543AE8E9E", "versionEndExcluding": "128.10.1", "versionStartIncluding": "116.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "08FDB838-27AF-43C3-AC02-27C34ED5481A", "versionEndExcluding": "128.10.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "F76ABBB9-7E44-45A0-BEE9-81CD9C0A33ED", "versionEndExcluding": "138.0.2", "versionStartIncluding": "138.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2."}, {"lang": "es", "value": "Un atacante logr\u00f3 realizar una lectura o escritura fuera de los l\u00edmites en un objeto \"Promise\" de JavaScript. Esta vulnerabilidad afecta a Firefox (versi\u00f3n anterior a 138.0.4), Firefox ESR (versi\u00f3n anterior a 128.10.1) y Firefox ESR (versi\u00f3n anterior a 115.23.1)."}], "id": "CVE-2025-4918", "lastModified": "2026-04-13T15:17:01.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-17T22:15:19.563", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966612"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-36/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-37/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-38/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-40/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-41/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.vicarius.io/vsociety/posts/cve-2025-4918-detect-firefox-out-of-bounds-write"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.vicarius.io/vsociety/posts/cve-2025-4918-mitigate-firefox-out-of-bounds-write"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:8125", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "firefox-0:128.10.1-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-05-26T00:00:00Z"}, {"advisory": "RHSA-2025:8608", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "thunderbird-0:128.11.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-06-05T00:00:00Z"}, {"advisory": "RHSA-2025:8465", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.10.1-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-06-03T00:00:00Z"}, {"advisory": "RHSA-2025:8060", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.10.1-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-05-21T00:00:00Z"}, {"advisory": "RHSA-2025:8756", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.11.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-10T00:00:00Z"}, {"advisory": "RHSA-2025:8631", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.11.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8639", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:128.10.1-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8630", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.11.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8640", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:128.10.1-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8629", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.11.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8645", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:128.10.1-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8629", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.11.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8645", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:128.10.1-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8629", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.11.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8645", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:128.10.1-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8628", "cpe": "cpe:/a:redhat:rhel_tus:8.8", "package": "thunderbird-0:128.11.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8807", "cpe": "cpe:/a:redhat:rhel_tus:8.8", "package": "firefox-0:128.10.1-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:8628", "cpe": "cpe:/a:redhat:rhel_e4s:8.8", "package": "thunderbird-0:128.11.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8807", "cpe": "cpe:/a:redhat:rhel_e4s:8.8", "package": "firefox-0:128.10.1-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:8049", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.10.1-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-20T00:00:00Z"}, {"advisory": "RHSA-2025:8607", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.11.0-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-05T00:00:00Z"}, {"advisory": "RHSA-2025:8371", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:128.10.1-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-06-02T00:00:00Z"}, {"advisory": "RHSA-2025:8598", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.11.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-06-05T00:00:00Z"}, {"advisory": "RHSA-2025:8369", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:128.10.1-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-06-02T00:00:00Z"}, {"advisory": "RHSA-2025:8642", "cpe": "cpe:/a:redhat:rhel_e4s:9.2", "package": "thunderbird-0:128.11.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8370", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "firefox-0:128.10.1-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-06-02T00:00:00Z"}, {"advisory": "RHSA-2025:8599", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.11.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-06-05T00:00:00Z"}], "bugzilla": {"description": "firefox: thunderbird: Out-of-bounds access when resolving Promise objects", "id": "2367016", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367016"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.", "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-4918", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/thunderbird-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2025-05-17T21:07:26Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4918\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4918\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2025-37/#CVE-2025-4918\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2025-40/#CVE-2025-4918"], "statement": "Red Hat Product Security rates the severity of this flaw as Important due to the requirement of user interaction.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-20T17:08:26.737902+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version 138.0.4 or ESR 128.10.1 or 115.23.1, and upgrade Thunderbird to 128.10.2 or 138.0.2.", "For Red\u00a0Hat Enterprise Linux systems, install the latest security updates that include patched Firefox or Thunderbird binaries.", "If a patch cannot be applied immediately, mitigate risk by restricting or disabling JavaScript execution from untrusted sources and employing content\u2011security policies to isolate untrusted content."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox and Mozilla Thunderbird are affected. The bug was fixed in Firefox 138.0.4, Firefox ESR 128.10.1 and 115.23.1, Thunderbird 128.10.2 and 138.0.2. Older releases of these products, including those packaged in various Red\u00a0Hat Enterprise Linux channels, remain vulnerable.", "description_and_impact": "An attacker can trigger an out-of-bounds read or write on a JavaScript Promise object, a type of memory corruption that may lead to arbitrary code execution. The flaw is classified as CWE-125 (Out\u2011of\u2011Bounds Read) and CWE-787 (Out\u2011of\u2011Bounds Write). The vulnerability allows an attacker to corrupt memory in the JavaScript engine, potentially compromising confidentiality, integrity, and availability of the affected system if exploited.", "risk_and_exploitability": "The CVSS score of 9.8 indicates a severe risk level. The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog, suggesting a low probability of widespread exploitation. The likely attack vector is the execution of maliciously crafted JavaScript, such as via a web page or email content."}}}}, "created": "2026-04-20T17:15:12.549802+00:00", "updated": "2026-04-20T17:15:12.549812+00:00", "vendors": []}