AI description
CVE-2025-4918 involves an out-of-bounds read or write vulnerability affecting JavaScript `Promise` objects. This vulnerability impacts Firefox versions earlier than 138.0.4, Firefox ESR versions earlier than 128.10.1, and Firefox ESR versions earlier than 115.23.1. The vulnerability stems from the JavaScript Handler component, where manipulating an unknown input leads to an out-of-bounds write. Successful exploitation could compromise confidentiality, integrity, and availability.
- Description: An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
- Source: security@mozilla.org
- NVD status: Analyzed
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-125
- Hype score: Not currently trending
URGENT: #openSUSE 15.6’s Thunderbird update fixes: ✔️ CVE-2025-4918 (RCE risk) ✔️ CVE-2025-4919 (memory corruption) ✔️ UNC path bugs Patch via YaST or zypper patch. Details: Read more: 👉https://t.co/0pHQcUqdOd #CPP #Infosec https://t.co/lyc31LkkMo
@Cezar_H_Linux
5 Jun 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 #Firefox, Out-of-Bounds Write, #CVE-2025-4918 (Critical) https://t.co/60a7kRhuXA
@dailycve
28 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Breaking: #Firefox ESR 128.10.1 patches 2 RCE flaws (CVE-2025-4918/4919) with CVSS 8.8! SUSE Linux admins: ✅ Run zypper patch NOW ✅ Audit JS execution logs Details: 👉 https://t.co/rdN9pXEXkg #InfoSec https://t.co/usafzkHkFG
@Cezar_H_Linux
27 May 2025
28 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4918
@transilienceai
25 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 #CVE-2025-4918: Critical Memory Corruption in Mozilla #Firefox https://t.co/mRcy9w7MZM Educational Purposes!
@UndercodeUpdate
23 May 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚀🔒 Firefox: Actively Exploited Zero-Day Vulnerabilities Fixed (CVE-2025-4918 & CVE-2025-4919) 🔓🚀 #cyber_security_highlights 💡
@MahRabie
21 May 2025
27 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 We are warning of zero-day vulnerabilities in Mozilla Firefox and Firefox ESR, CVE-2025-4918 and CVE-2025-4919. Both vulnerabilities are of the out-of-bounds write type in JavaScript and allow reading/writing outside the bounds of allocated memory. The consequences may include leakage of sensitive data
@GOVCERT_CZ
21 May 2025
303 Impressions
2 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4918
@transilienceai
21 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
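Mozilla announces emergency security update for Firefox zero-day vulnerabilities. Emergency security update released for 2 vulnerabilities discovered at the Pwn2Own Berlin 2025 hacking contest. CVE-2025-4918: an out-of-bounds read/write issue occurs in the JavaScript engine. C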
@OxBw27B18Xt0Ilz
20 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Exploitation of vulnerabilities in Mozilla ❗CVE-2025-4919 ❗CVE-2025-4918 ➡️ More info: https://t.co/zajM0tneY3 https://t.co/PXpLq0WfxI
@CERTpy
20 May 2025
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two serious #Firefox vulnerabilities (Zero-Day) fixed after being exploited in a security competition 🆔 First: CVE-2025-4918 🆔 Second: CVE-2025-4919 💸 Reward: 100 thousand dollars. If you use Firefo
@cyberscastx
20 May 2025
941 Impressions
2 Retweets
13 Likes
9 Bookmarks
0 Replies
0 Quotes
🚨 Urgent alert: Firefox users, update now! Mozilla has released emergency patches for two critical zero-day vulnerabilities. These vulnerabilities (CVE-2025-4918, CVE-2025-4919) have already, in real-world attacks, been
@TechTrendsJP
19 May 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mozilla rapidly released security patches for Firefox to fix two critical zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) exposed at Pwn2Own Berlin 2025. Updates protect users from exploitation. #Mozilla #Firefox #Germany 🔒 https://t.co/iwHtL3LnMZ
@TweetThreatNews
19 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ Slackware 15.0 Security Patch Alert ‼️ Firefox 128.10.1 ESR fixes CVE-2025-4918 (RCE) & CVE-2025-4919 (Privilege Escalation). Patch immediately! 🔗 Download + MD5 checksums: 👇https://t.co/I0EtEAHEV7 #InfoSec #Linux #Firefox https://t.co/dzN80bS07n
@Cezar_H_Linux
19 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Firefox updates are out! Mozilla patched 2 zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) exploited at Pwn2Own Berlin. Update to v138.0.4 ASAP to stay protected! 🛡️ Read more here: <https://t.co/RB4AFoPb1o> #Firefox #ZeroDay #Cybersecurity
@fernandokarl
19 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Firefox: Two 0-Day Vulnerabilities Exploited. -PATCH NOW- Mozilla has patched two critical zero-day vulnerabilities (CVE-2025-4918, CVE-2025-4919) in Firefox exploited at Pwn2Own Berlin. The flaws allow read/write on JavaScript objects, risking data exposure or code https:
@H4ckmanac
19 May 2025
12878 Impressions
95 Retweets
163 Likes
25 Bookmarks
2 Replies
4 Quotes
Mozilla patches two critical zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) in Firefox exploited at Pwn2Own Berlin, risking data access and remote code execution. Researchers: Bochin, Yan, & Paul. 🔒🇩🇪 #Firefox #ZeroDay #Germany https://t.co/ZZPJIoSBAw
@TweetThreatNews
19 May 2025
40 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
📌 Mozilla has released security updates to fix two serious vulnerabilities in the Firefox browser that were exploited at the Pwn2Own competition in Berlin. The vulnerabilities can lead to access to da
@Cybercachear
19 May 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛑 2 critical Firefox zero-days — CVE-2025-4918 & CVE-2025-4919 — proven exploitable. Attackers can read/write sensitive data or trigger remote code execution. Affects all versions before: • Firefox 138.0.4 • ESR 128.10.1 / 115.23.1 🔗 Patch now. Full story: htt
@TheHackersNews
19 May 2025
32053 Impressions
149 Retweets
272 Likes
60 Bookmarks
6 Replies
11 Quotes
Two serious vulnerabilities (CVE-2025-4918, CVE-2025-4919) stemming from JavaScript object handling have reportedly been found in "Firefox".
@atkmywk
19 May 2025
111 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-4918 An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox ESR < 115.23.1. https://t.co/tzZnwmWq4G
@CVEnew
17 May 2025
433 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD156D89-BD24-483A-A355-1B45A0A2E66F",
            "versionEndExcluding": "115.23.1"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83AE9635-80D1-49DD-B7A5-8E4E235B1C87",
            "versionEndExcluding": "138.0.4"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F2F0DE1-8619-4C18-83B0-46E543AE8E9E",
            "versionEndExcluding": "128.10.1",
            "versionStartIncluding": "116.0"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08FDB838-27AF-43C3-AC02-27C34ED5481A",
            "versionEndExcluding": "128.10.2"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F76ABBB9-7E44-45A0-BEE9-81CD9C0A33ED",
            "versionEndExcluding": "138.0.2",
            "versionStartIncluding": "138.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]