CVE-2025-4919

Published May 17, 2025

Last updated 3 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-4919 is an out-of-bounds access vulnerability in Firefox. It occurs during the optimization of linear sums: by confusing array index sizes, an attacker could perform an out-of-bounds read or write on a JavaScript object, potentially exposing sensitive information or corrupting memory, which could pave the way for code execution. This vulnerability affects Firefox ESR versions before 115.23.1 and was credited to Manfred Paul.

Description: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
Source: security@mozilla.org
NVD status: Analyzed
Products: firefox, thunderbird

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-125

Social media

Hype score: Not currently trending

  1. CVE-2025-4919: Corruption via Math Space in Mozilla Firefox https://t.co/xQFw8a4JIT

    @alexjplaskett

    24 Jul 2025

    1879 Impressions

    5 Retweets

    22 Likes

    12 Bookmarks

    1 Reply

    0 Quotes

  2. 🚨 BREAKING: A critical vulnerability, CVE-2025-4919, has been discovered in Mozilla Firefox, allowing data corruption via Math Space. 🛡️ Time to update your browsers! 🔗 Read more: Source: The ZDI #CyberSecurity #Firefox https://t.co/OtP7E1mkiJ

    @AIShiftProtocol

    15 Jul 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. URGENT: #openSUSE 15.6’s Thunderbird update fixes: ✔️ CVE-2025-4918 (RCE risk) ✔️ CVE-2025-4919 (memory corruption) ✔️ UNC path bugs Patch via YaST or zypper patch. Details: Read more: 👉https://t.co/0pHQcUqdOd #CPP #Infosec https://t.co/lyc31LkkMo

    @Cezar_H_Linux

    5 Jun 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Demonstrating CVE-2025-4919: Now that it's patched, we can show you how @_manfp used this code execution bug in the renderer of #Mozilla Firefox to win $50,000. https://t.co/yWf0mR7GF3 #Pwn2Own #P2OBerlin

    @thezdi

    28 May 2025

    13420 Impressions

    18 Retweets

    113 Likes

    37 Bookmarks

    1 Reply

    0 Quotes

  5. 🚀🔒 Firefox: Actively Exploited Zero-Day Vulnerabilities Fixed (CVE-2025-4918 & CVE-2025-4919) 🔓🚀 #cyber_security_highlights 💡

    @MahRabie

    21 May 2025

    27 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. [ZDI-25-291|CVE-2025-4919] (Pwn2Own) Mozilla Firefox IonMonkey JIT Compiler Integer Overflow Remote Code Execution Vulnerability (CVSS 8.8; Credit: Manfred Paul (@manf@infosec.exchange)) https://t.co/zcWtEXt0t4

    @TheZDIBugs

    21 May 2025

    2412 Impressions

    5 Retweets

    42 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 We are warning of zero-day vulnerabilities in Mozilla Firefox and Firefox ESR, CVE-2025-4918 and CVE-2025-4919. Both vulnerabilities are of the out-of-bounds write type in JavaScript and allow reading/writing outside the bounds of allocated memory. The consequences can be a leak of sensitive data

    @GOVCERT_CZ

    21 May 2025

    303 Impressions

    2 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

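  8. Mozilla announces emergency security update for Firefox zero-day vulnerabilities. Emergency security update released for 2 vulnerabilities discovered at the Pwn2Own Berlin 2025 hacking contest. CVE-2025-4918: out-of-bounds read/write issue in the JavaScript engine. C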

    @OxBw27B18Xt0Ilz

    20 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. ⚠️ Exploitation of vulnerabilities in Mozilla ❗CVE-2025-4919 ❗CVE-2025-4918 ➡️ More info: https://t.co/zajM0tneY3 https://t.co/PXpLq0WfxI

    @CERTpy

    20 May 2025

    116 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Two serious (zero-day) vulnerabilities in #Firefox fixed after they were exploited in a security competition 🆔 First: CVE-2025-4918 🆔 Second: CVE-2025-4919 💸 Reward: 100 thousand dollars If you use Firefo

    @cyberscastx

    20 May 2025

    941 Impressions

    2 Retweets

    13 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 Urgent alert: Firefox users, update now! Mozilla has released emergency patches for two critical zero-day vulnerabilities. These vulnerabilities (CVE-2025-4918, CVE-2025-4919) have already, in actual attacks, been

    @TechTrendsJP

    19 May 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Mozilla rapidly released security patches for Firefox to fix two critical zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) exposed at Pwn2Own Berlin 2025. Updates protect users from exploitation. #Mozilla #Firefox #Germany 🔒 https://t.co/iwHtL3LnMZ

    @TweetThreatNews

    19 May 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. ‼️ Slackware 15.0 Security Patch Alert ‼️ Firefox 128.10.1 ESR fixes CVE-2025-4918 (RCE) & CVE-2025-4919 (Privilege Escalation). Patch immediately! 🔗 Download + MD5 checksums: 👇https://t.co/I0EtEAHEV7 #InfoSec #Linux #Firefox https://t.co/dzN80bS07n

    @Cezar_H_Linux

    19 May 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 Critical Firefox updates are out! Mozilla patched 2 zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) exploited at Pwn2Own Berlin. Update to v138.0.4 ASAP to stay protected! 🛡️ Read more here: <https://t.co/RB4AFoPb1o> #Firefox #ZeroDay #Cybersecurity

    @fernandokarl

    19 May 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨Firefox: Two 0-Day Vulnerabilities Exploited. -PATCH NOW- Mozilla has patched two critical zero-day vulnerabilities (CVE-2025-4918, CVE-2025-4919) in Firefox exploited at Pwn2Own Berlin. The flaws allow read/write on JavaScript objects, risking data exposure or code https:

    @H4ckmanac

    19 May 2025

    12878 Impressions

    95 Retweets

    163 Likes

    25 Bookmarks

    2 Replies

    4 Quotes

  16. Mozilla patches two critical zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) in Firefox exploited at Pwn2Own Berlin, risking data access and remote code execution. Researchers: Bochin, Yan, & Paul. 🔒🇩🇪 #Firefox #ZeroDay #Germany https://t.co/ZZPJIoSBAw

    @TweetThreatNews

    19 May 2025

    40 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. 🛑 2 critical Firefox zero-days — CVE-2025-4918 & CVE-2025-4919 — proven exploitable. Attackers can read/write sensitive data or trigger remote code execution. Affects all versions before: • Firefox 138.0.4 • ESR 128.10.1 / 115.23.1 🔗 Patch now. Full story: htt

    @TheHackersNews

    19 May 2025

    32053 Impressions

    149 Retweets

    272 Likes

    60 Bookmarks

    6 Replies

    11 Quotes

  18. Reportedly, two serious vulnerabilities (CVE-2025-4918, CVE-2025-4919) stemming from JavaScript object handling have been found in "Firefox".

    @atkmywk

    19 May 2025

    111 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  19. CVE-2025-4919 Firefox ESR Out-of-Bounds Memory Vulnerability Below Version 115.23.1 https://t.co/6tZSS307D5

    @VulmonFeeds

    17 May 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2025-4919 An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox ESR < 115.23.1. https://t.co/jFmugYzx0h

    @CVEnew

    17 May 2025

    439 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations