Out-of-Bounds Read and Write Vulnerability in Firefox ESR by Mozilla
CVE-2025-4918
Key Information:
- Vendor: Mozilla
- CVE Published: 17 May 2025
What is CVE-2025-4918?
CVE-2025-4918 is a vulnerability in Mozilla Firefox and Firefox Extended Support Release (ESR), affecting Firefox before 138.0.4 and Firefox ESR before 128.10.1 and 115.23.1. The flaw is an out-of-bounds read and write in the handling of JavaScript Promise objects. Such a memory-safety defect can let an attacker read or corrupt memory outside the intended buffer, which may expose sensitive data or corrupt application state. Because Firefox is widely used for both personal and organizational browsing, the vulnerability poses a considerable risk to businesses that rely on it for secure operations and communications.
Potential impact of CVE-2025-4918
- Data Leakage: Because the flaw includes an out-of-bounds read, an attacker could use it to gain unauthorized access to sensitive information held in process memory. This could lead to data breaches in which confidential data is exposed, with reputational damage and regulatory consequences for affected organizations.
- System Stability Compromise: The out-of-bounds write component can cause critical application failures. Crashes or unpredictable behavior in Firefox caused by memory corruption could disrupt workflows and degrade the user experience, leading to lost productivity.
- Increased Attack Surface: An unpatched browser enlarges the attack surface available to threat actors, particularly in environments where Firefox is integrated into larger security frameworks or used to access enterprise applications. A compromised browser could serve as a foothold for further attacks on internal systems or networks.
Affected Version(s)
Firefox < 138.0.4
Firefox ESR < 128.10.1
Firefox ESR < 115.23.1
Timeline
- Vulnerability reached the number 1 worldwide trending spot
- Vulnerability started trending
- Exploit known to exist
- First article discovered by CybersecurityNews
- Vulnerability published
- Vulnerability reserved