Mozilla Foundation Security Advisory 2025-38
Security Vulnerabilities fixed in Firefox ESR 115.23.1
- Announced: May 17, 2025
- Impact: critical
- Products: Firefox ESR
- Fixed in: Firefox ESR 115.23.1
CVE-2025-4918: Out-of-bounds access when resolving Promise objects
- Reporter: Edouard Bochin and Tao Yan from Palo Alto Networks working with Trend Micro's Zero Day Initiative
- Impact: critical
Description
An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object.
CVE-2025-4919: Out-of-bounds access when optimizing linear sums
- Reporter: Manfred Paul working with Trend Micro's Zero Day Initiative
- Impact: critical
Description
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes.