VDB
DEBIAN-CVE-2025-4919
DEBIAN-CVE-2025-4919
PUBLISHED
CVSS 8.800000190734863 HIGH
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | thunderbird | 115.7.0-1, 1:102.11.0-1, 1:102.12.0-1 |
| Debian:14 | firefox-esr | 0, 0 |
| Debian:12 | firefox-esr | *, 0, 102.12.0esr-1 |
| Debian:14 | thunderbird | 0, 0 |
| Debian:11 | firefox-esr | 102.4.0, 102.4.0, 102.4.0 |
| Debian:13 | firefox-esr | 0, 0 |
| Debian:13 | thunderbird | 0, 0 |
| Debian:11 | thunderbird | *, *, * |
Exploit Intelligence
- CVE-2025-4919.json (github-poc)
- _18a_browser_cves_data.py (github-poc)
- _19_exploit_deep_dives.py (github-poc)
Timeline
- May 17, 2025 CVE Published
- Apr 28, 2026 CVE Updated