ГлавнаяУязвимости → CVE-2025-4919
8.8высокая

CVE-2025-4919

Описание

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2.

Затрагиваемое ПО
Mozilla FirefoxMozilla Thunderbird
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://bugzilla.mozilla.org/show_bug.cgi?id=1966614https://www.mozilla.org/security/advisories/mfsa2025-36/https://www.mozilla.org/security/advisories/mfsa2025-37/https://www.mozilla.org/security/advisories/mfsa2025-38/https://www.mozilla.org/security/advisories/mfsa2025-40/https://www.mozilla.org/security/advisories/mfsa2025-41/https://lists.debian.org/debian-lts-announce/2025/05/msg00024.htmlhttps://lists.debian.org/debian-lts-announce/2025/05/msg00046.html