NVD - CVE-2025-4918

Vulnerability Change Records for CVE-2025-4918

Change History

Initial Analysis by NIST 5/28/2025 10:05:35 AM

Action	Type	Old Value	New Value
Added	CPE Configuration		OR cpe:2.3:a:mozilla:firefox:::::-::: versions up to (excluding) 138.0.4 cpe:2.3:a:mozilla:firefox:::::esr::: versions up to (excluding) 115.23.1 cpe:2.3:a:mozilla:firefox:::::esr::: versions from (including) 116.0 up to (excluding) 128.10.1 cpe:2.3:a:mozilla:thunderbird::::::::* versions up to (excluding) 128.10.2 cpe:2.3:a:mozilla:thunderbird:::::-::: versions from (including) 138.0 up to (excluding) 138.0.2
Added	Reference Type		CVE: https://www.vicarius.io/vsociety/posts/cve-2025-4918-detect-firefox-out-of-bounds-write Types: Exploit, Third Party Advisory
Added	Reference Type		CVE: https://www.vicarius.io/vsociety/posts/cve-2025-4918-mitigate-firefox-out-of-bounds-write Types: Exploit, Third Party Advisory
Added	Reference Type		Mozilla Corporation: https://bugzilla.mozilla.org/show_bug.cgi?id=1966612 Types: Permissions Required
Added	Reference Type		Mozilla Corporation: https://www.mozilla.org/security/advisories/mfsa2025-36/ Types: Vendor Advisory
Added	Reference Type		Mozilla Corporation: https://www.mozilla.org/security/advisories/mfsa2025-37/ Types: Vendor Advisory
Added	Reference Type		Mozilla Corporation: https://www.mozilla.org/security/advisories/mfsa2025-38/ Types: Vendor Advisory
Added	Reference Type		Mozilla Corporation: https://www.mozilla.org/security/advisories/mfsa2025-40/ Types: Vendor Advisory
Added	Reference Type		Mozilla Corporation: https://www.mozilla.org/security/advisories/mfsa2025-41/ Types: Vendor Advisory