- Description
- An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
- Source
- security@mozilla.org
- NVD status
- Modified
- Products
- firefox, thunderbird
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-125
- Hype score
- Not currently trending
URGENT: #openSUSE 15.6’s Thunderbird update fixes: ✔️ CVE-2025-4918 (RCE risk) ✔️ CVE-2025-4919 (memory corruption) ✔️ UNC path bugs Patch via YaST or zypper patch. Details: Read more: 👉https://t.co/0pHQcUqdOd #CPP #Infosec https://t.co/lyc31LkkMo
@Cezar_H_Linux
5 Jun 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 #Firefox, Out-of-Bounds Write, #CVE-2025-4918 (Critical) https://t.co/60a7kRhuXA
@dailycve
28 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Breaking: #Firefox ESR 128.10.1 patches 2 RCE flaws (CVE-2025-4918/4919) with CVSS 8.8! SUSE Linux admins: ✅ Run zypper patch NOW ✅ Audit JS execution logs Details: 👉 https://t.co/rdN9pXEXkg #InfoSec https://t.co/usafzkHkFG
@Cezar_H_Linux
27 May 2025
28 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4918
@transilienceai
25 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 #CVE-2025-4918: Critical Memory Corruption in Mozilla #Firefox https://t.co/mRcy9w7MZM Educational Purposes!
@UndercodeUpdate
23 May 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚀🔒 Firefox: 𝙰𝚌𝚝𝚒𝚟𝚎𝚕𝚢 𝙴𝚡𝚙𝚕𝚘𝚒𝚝𝚎𝚍 𝚉𝚎𝚛𝚘-𝙳𝚊𝚢 𝚅𝚞𝚕𝚗𝚎𝚛𝚊𝚋𝚒𝚕𝚒𝚝𝚒𝚎𝚜 𝙵𝚒𝚡𝚎𝚍 (CVE-2025-4918 & CVE-2025-4919) 🔓🚀 #cyber_security_highlights 💡
@MahRabie
21 May 2025
27 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨Upozorňujeme na Zero-day zranitelnosti v Mozilla Firefox a Firefox ESR, CVE-2025-4918 a CVE-2025-4919. Obě zranitelnosti jsou typu Out-of-bounds write v JavaScriptu a umožňují číst/zapisovat mimo rozsah alokované paměti. Následky mohou být únik citlivých údajů
@GOVCERT_CZ
21 May 2025
303 Impressions
2 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-4918
@transilienceai
21 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
모질라, 파이어폭스 제로데이 취약점 긴급 보안 업데이트 발표 Pwn2Own 베를린 2025 해킹대회서 발견된 취약점 2개 긴급 보안 업데이트 출시. CVE-2025-4918 자바스크립트 엔진에서 범위를 벗어난 읽기/쓰기 문제 발생. C
@OxBw27B18Xt0Ilz
20 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Explotación de vulnerabilidades en Mozilla ❗CVE-2025-4919 ❗CVE-2025-4918 ➡️Más info: https://t.co/zajM0tneY3 https://t.co/PXpLq0WfxI
@CERTpy
20 May 2025
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
معالجة ثغرتين خطيرتين في #فايرفوكس (Zero-Day) بعد استغلالهما في مسابقة أمنية 🆔 الأولى: CVE-2025-4918 🆔 الثانية: CVE-2025-4919 💸 المكافأة: 100 ألف دولار إذا تستخدم فايرفو
@cyberscastx
20 May 2025
941 Impressions
2 Retweets
13 Likes
9 Bookmarks
0 Replies
0 Quotes
🚨 緊急アラート:Firefoxユーザーは今すぐアップデートを! Mozillaが2つの重大なゼロデイ脆弱性に対する緊急パッチをリリースしました。 これらの脆弱性(CVE-2025-4918、CVE-2025-4919)はすでに実際の攻撃で悪
@TechTrendsJP
19 May 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mozilla rapidly released security patches for Firefox to fix two critical zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) exposed at Pwn2Own Berlin 2025. Updates protect users from exploitation. #Mozilla #Firefox #Germany 🔒 https://t.co/iwHtL3LnMZ
@TweetThreatNews
19 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ Slackware 15.0 Security Patch Alert ‼️ Firefox 128.10.1 ESR fixes CVE-2025-4918 (RCE) & CVE-2025-4919 (Privilege Escalation). Patch immediately! 🔗 Download + MD5 checksums: 👇https://t.co/I0EtEAHEV7 #InfoSec #Linux #Firefox https://t.co/dzN80bS07n
@Cezar_H_Linux
19 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Firefox updates are out! Mozilla patched 2 zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) exploited at Pwn2Own Berlin. Update to v138.0.4 ASAP to stay protected! 🛡️ Read more here: <https://t.co/RB4AFoPb1o> #Firefox #ZeroDay #Cybersecurity
@fernandokarl
19 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Firefox: Two 0-Day Vulnerabilities Exploited. -PATCH NOW- Mozilla has patched two critical zero-day vulnerabilities (CVE-2025-4918, CVE-2025-4919) in Firefox exploited at Pwn2Own Berlin. The flaws allow read/write on JavaScript objects, risking data exposure or code https:
@H4ckmanac
19 May 2025
12878 Impressions
95 Retweets
163 Likes
25 Bookmarks
2 Replies
4 Quotes
Mozilla patches two critical zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) in Firefox exploited at Pwn2Own Berlin, risking data access and remote code execution. Researchers: Bochin, Yan, & Paul. 🔒🇩🇪 #Firefox #ZeroDay #Germany https://t.co/ZZPJIoSBAw
@TweetThreatNews
19 May 2025
40 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
📌 قامت موزيلا بإصدار تحديثات أمان للإصلاح ثغرتين خطيرتين في متصفح فايرفوكس تم استغلالهما في مسابقة Pwn2Own في برلين. يمكن أن تؤدي الثغرات إلى الوصول إلى بيا
@Cybercachear
19 May 2025
38 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛑 2 critical Firefox zero-days — CVE-2025-4918 & CVE-2025-4919 — proven exploitable. Attackers can read/write sensitive data or trigger remote code execution. Affects all versions before: • Firefox 138.0.4 • ESR 128.10.1 / 115.23.1 🔗 Patch now. Full story: htt
@TheHackersNews
19 May 2025
32053 Impressions
149 Retweets
272 Likes
60 Bookmarks
6 Replies
11 Quotes
「Firefox」にJavaScriptのオブジェクト処理に起因する深刻な脆弱性2件(CVE-2025-4918、CVE-2025-4919)が発見されたとのこと。
@atkmywk
19 May 2025
111 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-4918 An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox ESR < 115.23.1. https://t.co/tzZnwmWq4G
@CVEnew
17 May 2025
433 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"matchCriteriaId": "BD156D89-BD24-483A-A355-1B45A0A2E66F",
"versionEndExcluding": "115.23.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"matchCriteriaId": "83AE9635-80D1-49DD-B7A5-8E4E235B1C87",
"versionEndExcluding": "138.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"matchCriteriaId": "7F2F0DE1-8619-4C18-83B0-46E543AE8E9E",
"versionEndExcluding": "128.10.1",
"versionStartIncluding": "116.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FDB838-27AF-43C3-AC02-27C34ED5481A",
"versionEndExcluding": "128.10.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*",
"matchCriteriaId": "F76ABBB9-7E44-45A0-BEE9-81CD9C0A33ED",
"versionEndExcluding": "138.0.2",
"versionStartIncluding": "138.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]