FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

firefox -- out-of-bounds read/write

Affected packages
firefox < 138.0.4,2
firefox-esr < 128.10.1

Details

VuXML ID 07560111-34cc-11f0-af94-b42e991fc52e
Discovery 2025-05-17
Entry 2025-05-19

security@mozilla.org reports:

An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes.

References

CVE Name CVE-2025-4918
CVE Name CVE-2025-4919
URL https://nvd.nist.gov/vuln/detail/CVE-2025-4918
URL https://nvd.nist.gov/vuln/detail/CVE-2025-4919