CVE-2025-4919

Published May 17, 2025

Last updated 2 days ago

Firefox

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-4919 is an out-of-bounds access vulnerability found in Firefox. It occurs during the optimization of linear sums, which could allow an attacker to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. Successful exploitation of this vulnerability could permit an adversary to achieve out-of-bounds read or write, potentially leading to the access of sensitive information or memory corruption, which could pave the way for code execution. This vulnerability affects Firefox ESR versions before 115.23.1 and was credited to Manfred Paul.

Description
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, and Firefox ESR < 115.23.1.
Source
security@mozilla.org
NVD status
Awaiting Analysis

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

4

  1. ๐Ÿš€๐Ÿ”’ Firefox: ๐™ฐ๐šŒ๐š๐š’๐šŸ๐šŽ๐š•๐šข ๐™ด๐šก๐š™๐š•๐š˜๐š’๐š๐šŽ๐š ๐š‰๐šŽ๐š›๐š˜-๐™ณ๐šŠ๐šข ๐š…๐šž๐š•๐š—๐šŽ๐š›๐šŠ๐š‹๐š’๐š•๐š’๐š๐š’๐šŽ๐šœ ๐™ต๐š’๐šก๐šŽ๐š (CVE-2025-4918 &amp; CVE-2025-4919) ๐Ÿ”“๐Ÿš€ #cyber_security_highlights ๐Ÿ’ก

    @MahRabie

    21 May 2025

    8 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ๋ชจ์งˆ๋ผ, ํŒŒ์ด์–ดํญ์Šค ์ œ๋กœ๋ฐ์ด ์ทจ์•ฝ์  ๊ธด๊ธ‰ ๋ณด์•ˆ ์—…๋ฐ์ดํŠธ ๋ฐœํ‘œ Pwn2Own ๋ฒ ๋ฅผ๋ฆฐ 2025 ํ•ดํ‚น๋Œ€ํšŒ์„œ ๋ฐœ๊ฒฌ๋œ ์ทจ์•ฝ์  2๊ฐœ ๊ธด๊ธ‰ ๋ณด์•ˆ ์—…๋ฐ์ดํŠธ ์ถœ์‹œ. CVE-2025-4918 ์ž๋ฐ”์Šคํฌ๋ฆฝํŠธ ์—”์ง„์—์„œ ๋ฒ”์œ„๋ฅผ ๋ฒ—์–ด๋‚œ ์ฝ๊ธฐ/์“ฐ๊ธฐ ๋ฌธ์ œ ๋ฐœ์ƒ. C

    @OxBw27B18Xt0Ilz

    20 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. โš ๏ธExplotaciรณn de vulnerabilidades en Mozilla โ—CVE-2025-4919 โ—CVE-2025-4918 โžก๏ธMรกs info: https://t.co/zajM0tneY3 https://t.co/PXpLq0WfxI

    @CERTpy

    20 May 2025

    116 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ู…ุนุงู„ุฌุฉ ุซุบุฑุชูŠู† ุฎุทูŠุฑุชูŠู† ููŠ #ูุงูŠุฑููˆูƒุณ (Zero-Day) ุจุนุฏ ุงุณุชุบู„ุงู„ู‡ู…ุง ููŠ ู…ุณุงุจู‚ุฉ ุฃู…ู†ูŠุฉ ๐Ÿ†” ุงู„ุฃูˆู„ู‰: CVE-2025-4918 ๐Ÿ†” ุงู„ุซุงู†ูŠุฉ: CVE-2025-4919 ๐Ÿ’ธ ุงู„ู…ูƒุงูุฃุฉ: 100 ุฃู„ู ุฏูˆู„ุงุฑ ุฅุฐุง ุชุณุชุฎุฏู… ูุงูŠุฑููˆ

    @cyberscastx

    20 May 2025

    941 Impressions

    2 Retweets

    13 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  5. ๐Ÿšจ ็ทŠๆ€ฅใ‚ขใƒฉใƒผใƒˆ๏ผšFirefoxใƒฆใƒผใ‚ถใƒผใฏไปŠใ™ใใ‚ขใƒƒใƒ—ใƒ‡ใƒผใƒˆใ‚’๏ผ MozillaใŒ2ใคใฎ้‡ๅคงใชใ‚ผใƒญใƒ‡ใ‚ค่„†ๅผฑๆ€งใซๅฏพใ™ใ‚‹็ทŠๆ€ฅใƒ‘ใƒƒใƒใ‚’ใƒชใƒชใƒผใ‚นใ—ใพใ—ใŸใ€‚ ใ“ใ‚Œใ‚‰ใฎ่„†ๅผฑๆ€ง๏ผˆCVE-2025-4918ใ€CVE-2025-4919๏ผ‰ใฏใ™ใงใซๅฎŸ้š›ใฎๆ”ปๆ’ƒใงๆ‚ช

    @TechTrendsJP

    19 May 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Mozilla rapidly released security patches for Firefox to fix two critical zero-day vulnerabilities (CVE-2025-4918 &amp; CVE-2025-4919) exposed at Pwn2Own Berlin 2025. Updates protect users from exploitation. #Mozilla #Firefox #Germany ๐Ÿ”’ https://t.co/iwHtL3LnMZ

    @TweetThreatNews

    19 May 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. โ€ผ๏ธ Slackware 15.0 Security Patch Alert โ€ผ๏ธ Firefox 128.10.1 ESR fixes CVE-2025-4918 (RCE) &amp; CVE-2025-4919 (Privilege Escalation). Patch immediately! ๐Ÿ”— Download + MD5 checksums: ๐Ÿ‘‡https://t.co/I0EtEAHEV7 #InfoSec #Linux #Firefox https://t.co/dzN80bS07n

    @Cezar_H_Linux

    19 May 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. ๐Ÿšจ Critical Firefox updates are out! Mozilla patched 2 zero-day vulnerabilities (CVE-2025-4918 &amp; CVE-2025-4919) exploited at Pwn2Own Berlin. Update to v138.0.4 ASAP to stay protected! ๐Ÿ›ก๏ธ Read more here: &lt;https://t.co/RB4AFoPb1o&gt; #Firefox #ZeroDay #Cybersecurity

    @fernandokarl

    19 May 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. ๐ŸšจFirefox: Two 0-Day Vulnerabilities Exploited. -PATCH NOW- Mozilla has patched two critical zero-day vulnerabilities (CVE-2025-4918, CVE-2025-4919) in Firefox exploited at Pwn2Own Berlin. The flaws allow read/write on JavaScript objects, risking data exposure or code https:

    @H4ckManac

    19 May 2025

    12878 Impressions

    95 Retweets

    163 Likes

    25 Bookmarks

    2 Replies

    4 Quotes

  10. Mozilla patches two critical zero-day vulnerabilities (CVE-2025-4918 &amp; CVE-2025-4919) in Firefox exploited at Pwn2Own Berlin, risking data access and remote code execution. Researchers: Bochin, Yan, &amp; Paul. ๐Ÿ”’๐Ÿ‡ฉ๐Ÿ‡ช #Firefox #ZeroDay #Germany https://t.co/ZZPJIoSBAw

    @TweetThreatNews

    19 May 2025

    40 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. ๐Ÿ›‘ 2 critical Firefox zero-days โ€” CVE-2025-4918 &amp; CVE-2025-4919 โ€” proven exploitable. Attackers can read/write sensitive data or trigger remote code execution. Affects all versions before: โ€ข Firefox 138.0.4 โ€ข ESR 128.10.1 / 115.23.1 ๐Ÿ”— Patch now. Full story: htt

    @TheHackersNews

    19 May 2025

    32053 Impressions

    149 Retweets

    272 Likes

    60 Bookmarks

    6 Replies

    11 Quotes

  12. ใ€ŒFirefoxใ€ใซJavaScriptใฎใ‚ชใƒ–ใ‚ธใ‚งใ‚ฏใƒˆๅ‡ฆ็†ใซ่ตทๅ› ใ™ใ‚‹ๆทฑๅˆปใช่„†ๅผฑๆ€ง2ไปถ๏ผˆCVE-2025-4918ใ€CVE-2025-4919๏ผ‰ใŒ็™บ่ฆ‹ใ•ใ‚ŒใŸใจใฎใ“ใจใ€‚

    @atkmywk

    19 May 2025

    111 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. CVE-2025-4919 Firefox ESR Out-of-Bounds Memory Vulnerability Below Version 115.23.1 https://t.co/6tZSS307D5

    @VulmonFeeds

    17 May 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-4919 An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox ESR &lt; 115.23.1. https://t.co/jFmugYzx0h

    @CVEnew

    17 May 2025

    439 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.