Mozilla Firefox and Thunderbird Out-of-Bounds Read/Write Vulnerability in Promise Objects

Vulnerability

A critical out-of-bounds read or write vulnerability has been identified in JavaScript `Promise` objects, affecting multiple versions of Firefox and Thunderbird. This vulnerability allows attackers to manipulate memory, potentially leading to arbitrary code execution. In general, this flaw cannot be exploited through email in Thunderbird because scripting is disabled when reading mail, but it is a potential risk in browser or browser-like contexts.

Impact

Exploitation of this vulnerability allows for out-of-bounds memory access, which can lead to memory corruption and potentially arbitrary code execution.

Remediation

Users can upgrade to Firefox 138.0.4, Firefox ESR 128.10.1 or 115.23.1, or Thunderbird 128.10.2 or 138.0.2 to address this vulnerability.
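
The following check is an added example, not part of the original advisory: it classifies installed builds against the fixed releases listed above. The inventory rows, status labels and function names are constructed for illustration, and it assumes that a major branch newer than every listed one already carries the fix.

```python
import re

# Fixed releases taken from the Remediation paragraph, keyed by major branch.
FIXED = {
    "firefox": {115: (115, 23, 1), 128: (128, 10, 1), 138: (138, 0, 4)},
    "thunderbird": {128: (128, 10, 2), 138: (138, 0, 2)},
}

def parse_version(text):
    """Return (major, minor, patch) or None; tolerates suffixes such as 'esr'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(p or 0) for p in m.groups())

def assess(product, version):
    """Classify one installed build against the fixed releases."""
    branches = FIXED.get(product.lower())
    parsed = parse_version(version)
    if branches is None or parsed is None:
        return "unknown"
    fixed = branches.get(parsed[0])
    if fixed is not None:
        return "patched" if parsed >= fixed else "update-required"
    # Assumption: a branch newer than every listed one already carries the fix.
    if parsed[0] > max(branches):
        return "patched"
    # Older or in-between branch: the advisory lists no fixed build for it.
    return "no-fix-on-branch"

def audit(inventory):
    """Return (host, product, version, status) for builds not confirmed patched."""
    rows = [(h, p, v, assess(p, v)) for h, p, v in inventory]
    return [r for r in rows if r[3] != "patched"]

# Constructed inventory rows (host, product, version) for illustration only.
SAMPLE_INVENTORY = [
    ("ws-01", "Firefox", "138.0.4"),
    ("ws-02", "Firefox", "138.0.3"),
    ("ws-03", "Firefox", "128.10.0esr"),
    ("ws-04", "Thunderbird", "128.10.2esr"),
    ("ws-05", "Firefox", "137.0.2"),
    ("ws-06", "Thunderbird", "n/a"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(*finding, sep="\t")
```

Builds reported as `no-fix-on-branch` sit on a branch with no fixed release in this advisory and need to move to one of the listed versions; `unknown` rows need manual review.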

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 5.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.