{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4919", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "state": "PUBLISHED", "assignerShortName": "mozilla", "dateReserved": "2025-05-17T19:40:53.416Z", "datePublished": "2025-05-17T21:07:27.734Z", "dateUpdated": "2026-04-13T14:25:56.780Z"}, "containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "115.23.1", "lessThanOrEqual": "115.*", "versionType": "rpm"}, {"status": "unaffected", "version": "128.10.1", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "138.0.4", "lessThanOrEqual": "*", "versionType": "rpm"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "unaffected", "version": "128.10.2", "lessThanOrEqual": "128.*", "versionType": "rpm"}, {"status": "unaffected", "version": "138.0.2", "lessThanOrEqual": "*", "versionType": "rpm"}]}], "descriptions": [{"lang": "en", "value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2."}]}], "title": "Out-of-bounds access when optimizing linear sums", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966614"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-36/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-37/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-38/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-40/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-41/"}], "credits": [{"lang": "en", "value": "Manfred Paul working with Trend Micro's Zero Day Initiative"}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:25:56.780Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-4919", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-20T03:55:18.550351Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T18:28:06.157Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:05:22.225Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:05:22.225Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-4919", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-20T03:55:18.550351Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T15:24:03.537Z"}}], "cna": {"title": "Out-of-bounds access when optimizing linear sums", "credits": [{"lang": "en", "value": "Manfred Paul working with Trend Micro's Zero Day Initiative"}], "affected": [{"vendor": "Mozilla", "product": "Firefox", "versions": [{"status": "unaffected", "version": "115.23.1", "versionType": "rpm", "lessThanOrEqual": "115.*"}, {"status": "unaffected", "version": "128.10.1", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "138.0.4", "versionType": "rpm", "lessThanOrEqual": "*"}]}, {"vendor": "Mozilla", "product": "Thunderbird", "versions": [{"status": "unaffected", "version": "128.10.2", "versionType": "rpm", "lessThanOrEqual": "128.*"}, {"status": "unaffected", "version": "138.0.2", "versionType": "rpm", "lessThanOrEqual": "*"}]}], "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966614"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-36/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-37/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-38/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-40/"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2025-41/"}], "descriptions": [{"lang": "en", "value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.", "supportingMedia": [{"type": "text/html", "value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.", "base64": false}]}], "providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2026-04-13T14:25:56.780Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4919", "state": "PUBLISHED", "dateUpdated": "2026-04-13T14:25:56.780Z", "dateReserved": "2025-05-17T19:40:53.416Z", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "datePublished": "2025-05-17T21:07:27.734Z", "assignerShortName": "mozilla"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "BD156D89-BD24-483A-A355-1B45A0A2E66F", "versionEndExcluding": "115.23.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*", "matchCriteriaId": "83AE9635-80D1-49DD-B7A5-8E4E235B1C87", "versionEndExcluding": "138.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*", "matchCriteriaId": "7F2F0DE1-8619-4C18-83B0-46E543AE8E9E", "versionEndExcluding": "128.10.1", "versionStartIncluding": "116.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "08FDB838-27AF-43C3-AC02-27C34ED5481A", "versionEndExcluding": "128.10.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*", "matchCriteriaId": "F76ABBB9-7E44-45A0-BEE9-81CD9C0A33ED", "versionEndExcluding": "138.0.2", "versionStartIncluding": "138.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2."}, {"lang": "es", "value": "Un atacante logr\u00f3 realizar una lectura o escritura fuera de los l\u00edmites en un objeto JavaScript al confundir el tama\u00f1o del \u00edndice de la matriz. Esta vulnerabilidad afecta a Firefox (versi\u00f3n anterior a 138.0.4), Firefox ESR (versi\u00f3n anterior a 128.10.1) y Firefox ESR (versi\u00f3n anterior a 115.23.1)."}], "id": "CVE-2025-4919", "lastModified": "2026-04-13T15:17:01.630", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-17T22:15:19.653", "references": [{"source": "security@mozilla.org", "tags": ["Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1966614"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-36/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-37/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-38/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-40/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2025-41/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00046.html"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:8125", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "firefox-0:128.10.1-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-05-26T00:00:00Z"}, {"advisory": "RHSA-2025:8608", "cpe": "cpe:/o:redhat:enterprise_linux:10.0", "package": "thunderbird-0:128.11.0-1.el10_0", "product_name": "Red Hat Enterprise Linux 10", "release_date": "2025-06-05T00:00:00Z"}, {"advisory": "RHSA-2025:8465", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "firefox-0:128.10.1-1.el7_9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-06-03T00:00:00Z"}, {"advisory": "RHSA-2025:8060", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:128.10.1-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-05-21T00:00:00Z"}, {"advisory": "RHSA-2025:8756", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:128.11.0-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-06-10T00:00:00Z"}, {"advisory": "RHSA-2025:8631", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "thunderbird-0:128.11.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8639", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "firefox-0:128.10.1-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8630", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "thunderbird-0:128.11.0-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8640", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "firefox-0:128.10.1-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8629", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "thunderbird-0:128.11.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8645", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "firefox-0:128.10.1-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8629", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "thunderbird-0:128.11.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8645", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "firefox-0:128.10.1-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8629", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "thunderbird-0:128.11.0-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8645", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "firefox-0:128.10.1-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8628", "cpe": "cpe:/a:redhat:rhel_tus:8.8", "package": "thunderbird-0:128.11.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8807", "cpe": "cpe:/a:redhat:rhel_tus:8.8", "package": "firefox-0:128.10.1-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:8628", "cpe": "cpe:/a:redhat:rhel_e4s:8.8", "package": "thunderbird-0:128.11.0-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8807", "cpe": "cpe:/a:redhat:rhel_e4s:8.8", "package": "firefox-0:128.10.1-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date": "2025-06-11T00:00:00Z"}, {"advisory": "RHSA-2025:8049", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "firefox-0:128.10.1-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-20T00:00:00Z"}, {"advisory": "RHSA-2025:8607", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "thunderbird-0:128.11.0-1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-06-05T00:00:00Z"}, {"advisory": "RHSA-2025:8371", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "firefox-0:128.10.1-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-06-02T00:00:00Z"}, {"advisory": "RHSA-2025:8598", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "thunderbird-0:128.11.0-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-06-05T00:00:00Z"}, {"advisory": "RHSA-2025:8369", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "firefox-0:128.10.1-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-06-02T00:00:00Z"}, {"advisory": "RHSA-2025:8642", "cpe": "cpe:/a:redhat:rhel_e4s:9.2", "package": "thunderbird-0:128.11.0-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date": "2025-06-09T00:00:00Z"}, {"advisory": "RHSA-2025:8370", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "firefox-0:128.10.1-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-06-02T00:00:00Z"}, {"advisory": "RHSA-2025:8599", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "thunderbird-0:128.11.0-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-06-05T00:00:00Z"}], "bugzilla": {"description": "firefox: thunderbird: Out-of-bounds access when optimizing linear sums", "id": "2367018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367018"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.", "A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-4919", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/firefox-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "rhel10/thunderbird-flatpak", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2025-05-17T21:07:27Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-4919\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-4919\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2025-37/#CVE-2025-4919\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2025-40/#CVE-2025-4919"], "statement": "Red Hat Product Security rates the severity of this flaw as Important due to the requirement of user interaction.", "threat_severity": "Important"}

{"analysis": {"en": {"generated_at": "2026-04-20T17:08:06.379243+00:00", "value": {"mitigation_remediation": ["Upgrade Firefox to version\u202f138.0.4 or newer, or to Firefox ESR\u202f128.10.1 or 115.23.1.", "Upgrade Thunderbird to version\u202f138.0.2 or newer, or to Thunderbird ESR\u202f128.10.2.", "For Red\u202fHat or derivative distributions, update to the latest package that includes Firefox\u202f138.0.4 or newer.", "Until the update is applied, restrict or filter untrusted JavaScript execution in your environment."], "summary": {"action": "Apply patches", "impact": "Out-of-bounds memory access"}, "threat_synthesis": {"affected_systems": "Mozilla Firefox versions up to and including 138.0, and Firefox ESR releases older than 128.10.1 and 115.23.1, are affected. Mozilla Thunderbird versions up to and including 138.0.2, and Thunderbird ESR releases older than 128.10.2, are also vulnerable. Packages that embed these browsers on Red\u202fHat Enterprise Linux and derivatives, as listed in the provided CPEs, fall under the same impact scope.", "description_and_impact": "An attacker can cause an out-of-bounds read or write on a JavaScript object by confusing array index sizes, potentially corrupting memory. This flaw could allow the attacker to read sensitive data, alter program state, or crash an affected browser. The weakness is documented as CWE\u2011125 and CWE\u2011787.", "risk_and_exploitability": "The CVSS score of 8.8 reflects high severity, while the EPSS score of less than 1\u202f% indicates a very low current exploitation probability. The flaw is not listed in the CISA KEV catalog, suggesting no widespread active exploitation. Attacks likely require delivery of crafted JavaScript via a web page, meaning the threat is primarily remote but depends on user\u2011initiated browsing or embedded content."}}}}, "created": "2026-04-20T17:15:12.549572+00:00", "updated": "2026-04-20T17:15:12.549582+00:00", "vendors": []}