VDB

DEBIAN-CVE-2025-4919

DEBIAN-CVE-2025-4919 PUBLISHED CVSS 8.800000190734863 HIGH

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:12thunderbird115.7.0-1, 1:102.11.0-1, 1:102.12.0-1
Debian:14firefox-esr0, 0
Debian:12firefox-esr*, 0, 102.12.0esr-1
Debian:14thunderbird0, 0
Debian:11firefox-esr102.4.0, 102.4.0, 102.4.0
Debian:13firefox-esr0, 0
Debian:13thunderbird0, 0
Debian:11thunderbird*, *, *

Exploit Intelligence

Timeline

  • May 17, 2025 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›