Out-of-Bounds Read or Write Vulnerability in Firefox ESR by Mozilla
CVE-2025-4919

8.8 HIGH

Key Information:

Vendor: Mozilla

CVE Published: 17 May 2025

Badges

📈 Score: 616
👾 Exploit Exists
📰 News Worthy

What is CVE-2025-4919?

CVE-2025-4919 is a memory-safety vulnerability in SpiderMonkey, the JavaScript engine that Mozilla ships in both Firefox and Thunderbird. It affects Firefox before 138.0.4, Firefox ESR before 128.10.1 and before 115.23.1, and Thunderbird before 138.0.2 and before 128.10.2. Mozilla's description is that an attacker can perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. Bugs of this class arise when the code that bounds-checks an index and the code that then uses it disagree about the index's width (for example, a check performed on a truncated 32-bit value guarding an access made with the full 64-bit value), so an index that passes the check can still address memory outside the object. The bug is reachable from ordinary web content: the victim only has to load attacker-controlled JavaScript, typically by visiting a malicious or compromised page, which is why the CVSS vector records User Interaction as Required with no privileges needed. A successful exploit corrupts memory in the content process that ran the script and can lead to a crash or to arbitrary code execution in that process; Firefox sandboxes content processes, so reaching the rest of the system requires chaining a separate sandbox-escape bug. In Thunderbird, scripting is disabled when reading mail, so the flaw is not generally exploitable through email itself but remains a risk in browser-like contexts inside the client. The vulnerability was reported through Trend Micro's Zero Day Initiative with a working exploit, which is why the page flags "Exploit Exists" and why the fixed versions should be deployed promptly.
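To make the bug class concrete, here is an added C example written for this page. It is not SpiderMonkey code and not the specific defect behind CVE-2025-4919; it is a constructed toy array with a 32-bit length whose bounds check truncates a 64-bit index to 32 bits before comparing, shown beside the check done at full width. The names `toy_elements`, `in_bounds_confused`, `in_bounds_checked`, `access_offset_bytes` and `read_or_default` are all assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model of an engine-side array: a 32-bit element count and a
 * fixed element buffer. Illustrates the bug class only; this is not
 * SpiderMonkey's object layout or the code behind CVE-2025-4919. */
#define TOY_LEN 4u
static int32_t toy_elements[TOY_LEN] = {10, 20, 30, 40};

/* Vulnerable pattern: the index arrives as a 64-bit integer (a JS number that
 * has already been converted to an integer), but the bounds check compares only
 * its low 32 bits. Any index of the form k + n*2^32 passes as if it were k. */
bool in_bounds_confused(uint32_t length, uint64_t index) {
    uint32_t idx32 = (uint32_t)index;   /* silent truncation */
    return idx32 < length;
}

/* Hardened pattern: compare at the full width the index is actually used at. */
bool in_bounds_checked(uint32_t length, uint64_t index) {
    return index < (uint64_t)length;
}

/* Byte offset from the start of the element buffer that an unguarded access at
 * `index` would touch. Computed rather than dereferenced so the program can show
 * how far out of bounds the confused check lets an access go without crashing. */
uint64_t access_offset_bytes(uint64_t index) {
    return index * sizeof(int32_t);
}

/* Element read guarded by the hardened check: returns `dflt` instead of
 * touching memory outside toy_elements. */
int32_t read_or_default(uint64_t index, int32_t dflt) {
    if (!in_bounds_checked(TOY_LEN, index)) return dflt;
    return toy_elements[index];
}

int main(void) {
    /* Low 32 bits are 1, so a truncating check sees a valid index. */
    uint64_t evil = (1ULL << 32) + 1;

    printf("confused check accepts 2^32+1: %s\n",
           in_bounds_confused(TOY_LEN, evil) ? "yes" : "no");
    printf("hardened check accepts 2^32+1: %s\n",
           in_bounds_checked(TOY_LEN, evil) ? "yes" : "no");
    printf("an unguarded access would touch byte offset %llu of a %zu-byte buffer\n",
           (unsigned long long)access_offset_bytes(evil), sizeof toy_elements);
    printf("guarded read of index 1: %d\n", read_or_default(1, -1));
    printf("guarded read of 2^32+1: %d (default, access refused)\n",
           read_or_default(evil, -1));
    return 0;
}
```

The confused check lets index 2^32+1 through as if it were index 1, and an access that trusted it would land about 16 GiB past a 16-byte buffer; the hardened check refuses it. The same disagreement can arise between signed and unsigned interpretations of an index, which is why the fix in engines of this kind is to bounds-check the exact value, at the exact width, that the load or store will use.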

Potential Impact of CVE-2025-4919

  1. Arbitrary Code Execution: A successful exploit turns the out-of-bounds write into code execution inside the content process that ran the attacker's JavaScript. Firefox sandboxes that process, so full compromise of the host needs a chained sandbox-escape bug; even without one, the attacker controls everything that process handles.

  2. Data Exfiltration: The out-of-bounds read side discloses process memory, including heap pointers that defeat ASLR and make the write primitive reliable, and data belonging to content loaded in the same process.

  3. Service Disruption: An attacker who cannot or does not want to exploit the bug fully can still trigger it to crash the browser tab or mail client, disrupting users' workflows and, in managed fleets, generating crash reports that should be treated as possible exploitation attempts.

Affected Version(s)

Firefox < 138.0.4

Firefox ESR < 128.10.1

Firefox ESR < 115.23.1

Thunderbird < 138.0.2

Thunderbird < 128.10.2

(Thunderbird versions as given in the description; a version equal to or newer than the listed fixed release on its own branch is not affected.)
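To check whether a given installation still needs the update, here is an added C example, not from Mozilla or from this page, that applies the fixed versions listed above to the string printed by `firefox --version`. It assumes that output looks like "Mozilla Firefox 138.0.3" and that ESR builds end in "esr" (for example "Mozilla Firefox 128.10.0esr"); it only knows the branches this page lists, so any other ESR line is reported as not covered. The function names and the sample strings are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef struct { int major, minor, patch; } Version;

/* Parse "138.0.3", "138.0" (patch defaults to 0) or "128.10.1esr".
 * Returns false if no major.minor pair is present. */
bool parse_version(const char *s, Version *v) {
    v->major = v->minor = v->patch = 0;
    int n = sscanf(s, "%d.%d.%d", &v->major, &v->minor, &v->patch);
    return n >= 2;
}

/* Lexicographic compare on (major, minor, patch): <0, 0, >0 like strcmp. */
int cmp_version(Version a, Version b) {
    if (a.major != b.major) return a.major < b.major ? -1 : 1;
    if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
    if (a.patch != b.patch) return a.patch < b.patch ? -1 : 1;
    return 0;
}

/* Fixed versions as listed on this page. ESR lines are keyed on their major
 * version; any other ESR major is not covered by this page. */
static bool fixed_version_for(Version v, bool esr, Version *fixed) {
    if (!esr)           { *fixed = (Version){138, 0, 4};  return true; }
    if (v.major == 128) { *fixed = (Version){128, 10, 1}; return true; }
    if (v.major == 115) { *fixed = (Version){115, 23, 1}; return true; }
    return false;
}

/* Takes the output of `firefox --version` (assumed format:
 * "Mozilla Firefox 138.0.3", ESR builds ending in "esr").
 * Returns 1 = affected, 0 = fixed, -1 = unparseable or branch not listed. */
int cve_2025_4919_status(const char *version_output) {
    const char *tok = strrchr(version_output, ' ');
    tok = tok ? tok + 1 : version_output;      /* last space-separated token */
    bool esr = strstr(tok, "esr") != NULL;

    Version v, fixed;
    if (!parse_version(tok, &v)) return -1;
    if (!fixed_version_for(v, esr, &fixed)) return -1;
    return cmp_version(v, fixed) < 0 ? 1 : 0;
}

int main(void) {
    /* Constructed sample outputs, not collected from real hosts. */
    const char *samples[] = {
        "Mozilla Firefox 138.0.3",
        "Mozilla Firefox 138.0.4",
        "Mozilla Firefox 128.10.0esr",
        "Mozilla Firefox 128.10.1esr",
        "Mozilla Firefox 115.22.0esr",
        "Mozilla Firefox 140.0esr",
    };
    static const char *label[] = {"fixed", "AFFECTED"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int s = cve_2025_4919_status(samples[i]);
        printf("%-30s %s\n", samples[i], s < 0 ? "not listed / unparseable" : label[s]);
    }
    return 0;
}
```

The branch matters: a plain "128.x" release build is compared against 138.0.4 and reported affected, while "128.10.1esr" is compared against its own ESR fix and reported fixed. When you run this against inventory data, feed it the raw version string each host reports rather than a normalised number, so the "esr" marker survives.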

News Articles

Critical Firefox 0-Day Flaws Allow Remote Code Execution

Mozilla has urgently patched two critical 0-day vulnerabilities in its popular web browser Firefox, both of which could allow remote attackers.

6 days ago

Firefox 0-day Vulnerabilities Let Attackers Execute Malicious Code

Mozilla has released an emergency security update to address two critical vulnerabilities in Firefox that could allow attackers.

6 days ago


CVSS v3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by CybersecurityNews

  • Vulnerability published

  • Vulnerability reserved

Credit

Manfred Paul, working with Trend Micro's Zero Day Initiative.