Mozilla Firefox
CPE: cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*
Affected versions: < 138.0.4
A critical out-of-bounds read or write vulnerability has been identified in Mozilla Firefox and Thunderbird. This issue arises from an attacker manipulating array index sizes, leading to unauthorized access to JavaScript objects. The vulnerability is present in Firefox versions prior to 138.0.4, as well as in Firefox ESR versions prior to 128.10.1 and 115.23.1. Additionally, Thunderbird versions prior to 138.0.2 and 128.10.2 are affected. In general, this vulnerability cannot be exploited through email in Thunderbird, as scripting is disabled when reading mail, but it poses a risk in browser or browser-like contexts.
Exploitation of this vulnerability allows for critical out-of-bounds access, enabling attackers to read or write memory outside the intended boundaries, which can lead to memory corruption or arbitrary code execution.
Users can upgrade to Firefox 138.0.4, Firefox ESR 128.10.1 or 115.23.1, or Thunderbird 138.0.2 or 128.10.2 to address this vulnerability.
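The following is an added example, not part of the original advisory: a small triage script that checks installed versions against the fixed versions listed above. Each ESR branch has its own fix, so a patched 128.10.1 must not be flagged just because it is below 138.0.4, and versions must be compared numerically, not as strings. The inventory rows, host names and function names are constructed for illustration, and matching the ESR branch by major version is an assumption.

```python
import re

# Fixed versions as stated on this page. "branches" maps an ESR major version
# to the fix on that branch; "release" is the fix on the regular channel.
FIXED = {
    "firefox": {"release": (138, 0, 4),
                "branches": {128: (128, 10, 1), 115: (115, 23, 1)}},
    "thunderbird": {"release": (138, 0, 2),
                    "branches": {128: (128, 10, 2)}},
}

def parse_version(text):
    """Turn '128.10.1esr' or '138.0' into a 3-tuple of ints."""
    m = re.match(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparsable version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_affected(product, version):
    """True if the version is older than the fix that applies to its branch."""
    table = FIXED[product.lower()]
    v = parse_version(version)
    # Assumption: a build whose major version matches a listed ESR branch is
    # compared against that branch's fix; anything else against the release fix.
    fixed = table["branches"].get(v[0], table["release"])
    return v < fixed  # tuple comparison is numeric, so 128.9.0 < 128.10.1

def triage(inventory):
    """Return the (host, product, version) rows that still need the update."""
    return [row for row in inventory if is_affected(row[1], row[2])]

# Constructed sample inventory (hypothetical hosts).
SAMPLE = [
    ("ws-01", "firefox", "138.0.3"),
    ("ws-02", "firefox", "138.0.4"),
    ("ws-03", "firefox", "128.10.1esr"),
    ("ws-04", "firefox", "128.9.0esr"),
    ("ws-05", "firefox", "115.23.0esr"),
    ("ws-06", "thunderbird", "128.10.2"),
    ("ws-07", "thunderbird", "138.0.1"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE):
        print(f"{host}: {product} {version} needs updating")
```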