- Description: An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
- Source: security@mozilla.org
- NVD status: Modified
- Products: firefox, thunderbird
CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-125
- Hype score: Not currently trending
CVE-2025-4919: Corruption via Math Space in Mozilla Firefox https://t.co/xQFw8a4JIT
@alexjplaskett
24 Jul 2025
1879 Impressions
5 Retweets
22 Likes
12 Bookmarks
1 Reply
0 Quotes
🚨 BREAKING: A critical vulnerability, CVE-2025-4919, has been discovered in Mozilla Firefox, allowing data corruption via Math Space. 🛡️ Time to update your browsers! 🔗 Read more: Source: The ZDI #CyberSecurity #Firefox https://t.co/OtP7E1mkiJ
@AIShiftProtocol
15 Jul 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: #openSUSE 15.6’s Thunderbird update fixes: ✔️ CVE-2025-4918 (RCE risk) ✔️ CVE-2025-4919 (memory corruption) ✔️ UNC path bugs Patch via YaST or zypper patch. Details: Read more: 👉https://t.co/0pHQcUqdOd #CPP #Infosec https://t.co/lyc31LkkMo
@Cezar_H_Linux
5 Jun 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Demonstrating CVE-2025-4919: Now that it's patched, we can show you how @_manfp used this code execution bug in the renderer of #Mozilla Firefox to win $50,000. https://t.co/yWf0mR7GF3 #Pwn2Own #P2OBerlin
@thezdi
28 May 2025
13420 Impressions
18 Retweets
113 Likes
37 Bookmarks
1 Reply
0 Quotes
🚀🔒 Firefox: Actively Exploited Zero-Day Vulnerabilities Fixed (CVE-2025-4918 & CVE-2025-4919) 🔓🚀 #cyber_security_highlights 💡
@MahRabie
21 May 2025
27 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[ZDI-25-291|CVE-2025-4919] (Pwn2Own) Mozilla Firefox IonMonkey JIT Compiler Integer Overflow Remote Code Execution Vulnerability (CVSS 8.8; Credit: Manfred Paul (@manf@infosec.exchange)) https://t.co/zcWtEXt0t4
@TheZDIBugs
21 May 2025
2412 Impressions
5 Retweets
42 Likes
11 Bookmarks
0 Replies
0 Quotes
🚨 We are warning about zero-day vulnerabilities in Mozilla Firefox and Firefox ESR, CVE-2025-4918 and CVE-2025-4919. Both vulnerabilities are of the out-of-bounds write type in JavaScript and allow reading/writing outside the bounds of allocated memory. The consequences may include a leak of sensitive data
@GOVCERT_CZ
21 May 2025
303 Impressions
2 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
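Mozilla announces emergency security update for Firefox zero-day vulnerabilities. Emergency security update released for 2 vulnerabilities discovered at the Pwn2Own Berlin 2025 hacking contest. CVE-2025-4918: an out-of-bounds read/write issue occurs in the JavaScript engine. C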
@OxBw27B18Xt0Ilz
20 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Exploitation of vulnerabilities in Mozilla ❗CVE-2025-4919 ❗CVE-2025-4918 ➡️ More info: https://t.co/zajM0tneY3 https://t.co/PXpLq0WfxI
@CERTpy
20 May 2025
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two serious vulnerabilities in #Firefox (Zero-Day) fixed after they were exploited in a security competition 🆔 First: CVE-2025-4918 🆔 Second: CVE-2025-4919 💸 Reward: 100 thousand dollars If you use Firefo
@cyberscastx
20 May 2025
941 Impressions
2 Retweets
13 Likes
9 Bookmarks
0 Replies
0 Quotes
🚨 Urgent alert: Firefox users, update now! Mozilla has released emergency patches for two critical zero-day vulnerabilities. These vulnerabilities (CVE-2025-4918, CVE-2025-4919) have already, in real attacks, been
@TechTrendsJP
19 May 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Mozilla rapidly released security patches for Firefox to fix two critical zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) exposed at Pwn2Own Berlin 2025. Updates protect users from exploitation. #Mozilla #Firefox #Germany 🔒 https://t.co/iwHtL3LnMZ
@TweetThreatNews
19 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ Slackware 15.0 Security Patch Alert ‼️ Firefox 128.10.1 ESR fixes CVE-2025-4918 (RCE) & CVE-2025-4919 (Privilege Escalation). Patch immediately! 🔗 Download + MD5 checksums: 👇https://t.co/I0EtEAHEV7 #InfoSec #Linux #Firefox https://t.co/dzN80bS07n
@Cezar_H_Linux
19 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Firefox updates are out! Mozilla patched 2 zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) exploited at Pwn2Own Berlin. Update to v138.0.4 ASAP to stay protected! 🛡️ Read more here: <https://t.co/RB4AFoPb1o> #Firefox #ZeroDay #Cybersecurity
@fernandokarl
19 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Firefox: Two 0-Day Vulnerabilities Exploited. -PATCH NOW- Mozilla has patched two critical zero-day vulnerabilities (CVE-2025-4918, CVE-2025-4919) in Firefox exploited at Pwn2Own Berlin. The flaws allow read/write on JavaScript objects, risking data exposure or code https:
@H4ckmanac
19 May 2025
12878 Impressions
95 Retweets
163 Likes
25 Bookmarks
2 Replies
4 Quotes
Mozilla patches two critical zero-day vulnerabilities (CVE-2025-4918 & CVE-2025-4919) in Firefox exploited at Pwn2Own Berlin, risking data access and remote code execution. Researchers: Bochin, Yan, & Paul. 🔒🇩🇪 #Firefox #ZeroDay #Germany https://t.co/ZZPJIoSBAw
@TweetThreatNews
19 May 2025
40 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
🛑 2 critical Firefox zero-days — CVE-2025-4918 & CVE-2025-4919 — proven exploitable. Attackers can read/write sensitive data or trigger remote code execution. Affects all versions before: • Firefox 138.0.4 • ESR 128.10.1 / 115.23.1 🔗 Patch now. Full story: htt
@TheHackersNews
19 May 2025
32053 Impressions
149 Retweets
272 Likes
60 Bookmarks
6 Replies
11 Quotes
Two serious vulnerabilities (CVE-2025-4918, CVE-2025-4919) stemming from JavaScript object handling have reportedly been discovered in "Firefox".
@atkmywk
19 May 2025
111 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-4919 Firefox ESR Out-of-Bounds Memory Vulnerability Below Version 115.23.1 https://t.co/6tZSS307D5
@VulmonFeeds
17 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4919 An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox ESR < 115.23.1. https://t.co/jFmugYzx0h
@CVEnew
17 May 2025
439 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
            "matchCriteriaId": "BD156D89-BD24-483A-A355-1B45A0A2E66F",
            "versionEndExcluding": "115.23.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
            "matchCriteriaId": "83AE9635-80D1-49DD-B7A5-8E4E235B1C87",
            "versionEndExcluding": "138.0.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
            "matchCriteriaId": "7F2F0DE1-8619-4C18-83B0-46E543AE8E9E",
            "versionEndExcluding": "128.10.1",
            "versionStartIncluding": "116.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "08FDB838-27AF-43C3-AC02-27C34ED5481A",
            "versionEndExcluding": "128.10.2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*",
            "matchCriteriaId": "F76ABBB9-7E44-45A0-BEE9-81CD9C0A33ED",
            "versionEndExcluding": "138.0.2",
            "versionStartIncluding": "138.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]