PT-2025-21810 · Mozilla+2 · Firefox+2
Published
2025-05-17
·
Updated
2025-07-11
·
CVE-2025-4920
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Firefox versions prior to 138.0.4
Firefox ESR versions prior to 128.10.1
Description:
The issue allows an attacker to perform an out-of-bounds read or write on a JavaScript
Promise object.Recommendations:
For Firefox versions prior to 138.0.4, update to version 138.0.4 or later.
For Firefox ESR versions prior to 128.10.1, update to version 128.10.1 or later.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Firefox