CVE-2025-4082

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 138 Firefox ESR versions prior to 128.10 Firefox ESR versions prior to 115.23 Thunderbird versions prior to 138 Thunderbird ESR versions prior to 128.10

Description Modification of specific WebGL shader attributes could trigger an out-of-bounds read. When chained with other vulnerabilities, this issue could be used to escalate privileges. This bug only affects Firefox for macOS, with other versions of Firefox being unaffected.

Recommendations For Firefox versions prior to 138, update to version 138 or later. For Firefox ESR versions prior to 128.10, update to version 128.10 or later. For Firefox ESR versions prior to 115.23, update to version 115.23 or later. For Thunderbird versions prior to 138, update to version 138 or later. For Thunderbird ESR versions prior to 128.10, update to version 128.10 or later.

Fix

RCE

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2025-6254

ALT-PU-2025-6353

ALT-PU-2025-6478

ALT-PU-2025-7022

ALT-PU-2025-7695

ALT-PU-2025-7697

BDU:2025-10508

CVE-2025-4082

DLA-4167-1

OESA-2025-2557

OPENSUSE-SU-2025:15042-1

OPENSUSE-SU-2025:15045-1

OPENSUSE-SU-2025_1436-1

OPENSUSE-SU-2025_1506-1

SUSE-SU-2025:1436-1

SUSE-SU-2025:1506-1

Affected Products

Alt Linux

Firefox

Firefox Esr

Suse

Thunderbird

Thunderbird Esr

CVE-2025-4082

Weakness Enumeration

Related Identifiers

Affected Products

References · 66