Home

Description

An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.

PUBLISHED Reserved 2025-05-17 | Published 2025-05-17 | Updated 2026-02-26 | Assigner mozilla

Problem types

Out-of-bounds access when resolving Promise objects

Product status

Any version before 138.0.4
affected

Any version before 128.10.1
affected

Any version before 115.23.1
affected

Any version before 128.10.2
affected

Any version before 138.0.2
affected

Credits

Edouard Bochin and Tao Yan from Palo Alto Networks working with Trend Micro's Zero Day Initiative

References

www.vicarius.io/...5-4918-detect-firefox-out-of-bounds-write

www.vicarius.io/...4918-mitigate-firefox-out-of-bounds-write

lists.debian.org/debian-lts-announce/2025/05/msg00046.html

lists.debian.org/debian-lts-announce/2025/05/msg00024.html

bugzilla.mozilla.org/show_bug.cgi?id=1966612

www.mozilla.org/security/advisories/mfsa2025-36/

www.mozilla.org/security/advisories/mfsa2025-37/

www.mozilla.org/security/advisories/mfsa2025-38/

www.mozilla.org/security/advisories/mfsa2025-40/

www.mozilla.org/security/advisories/mfsa2025-41/

cve.org (CVE-2025-4918)

nvd.nist.gov (CVE-2025-4918)

Download JSON