PT-2025-21811 · Mozilla+2 · Firefox+2
Published
2025-05-17
·
Updated
2025-07-11
·
CVE-2025-4921
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Firefox versions prior to 138.0.4
Firefox ESR versions prior to 128.10.1
Description:
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes.
Recommendations:
For Firefox versions prior to 138.0.4, update to version 138.0.4 or later.
For Firefox ESR versions prior to 128.10.1, update to version 128.10.1 or later.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Firefox