ByteOS Network

NVD Vulnerability Details :

CVE-2025-4093

Modified

Source-security@mozilla.org

Published At-29 Apr, 2025 | 14:15

Updated At-03 Nov, 2025 | 20:19

Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird < 128.10.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

Mozilla Corporation

>>firefox>>Versions before 128.10(exclusive)

cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*

Mozilla Corporation

>>thunderbird>>Versions before 128.10.0(exclusive)

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-119

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1894100	security@mozilla.org	Permissions Required
https://www.mozilla.org/security/advisories/mfsa2025-29/	security@mozilla.org	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2025-32/	security@mozilla.org	Vendor Advisory
https://lists.debian.org/debian-lts-announce/2025/05/msg00024.html	af854a3a-2127-422b-91ae-364da2661108	N/A