CVE-2025-4087Out-of-bounds Read in Mozilla Firefox

CWE-125Out-of-bounds ReadCWE-284Improper Access Control12 documents9 sources
Severity
4.8MEDIUMNVD
EPSS
0.4%
top 36.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla ThunderbirdMozilla Firefox
Timeline
PublishedApr 29
Latest updateJul 22

Description

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Thunderbird 138, and Thunderbird 128.10.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages3 packages

NVDmozilla/thunderbird< 128.10.0+1
Debianmozilla/thunderbird< 1:128.10.1esr-1~deb11u1+3
NVDmozilla/firefox< 128.10+1

🔴Vulnerability Details

3
OSV
CVE-2025-4087: A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access2025-04-29
GHSA
GHSA-3mvr-vp9h-cr29: A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access2025-04-29
CVEList
Unsafe attribute access during XPath parsing2025-04-29

📋Vendor Advisories

8
Ubuntu
Thunderbird vulnerabilities2025-07-22
Red Hat
firefox: thunderbird: Unsafe attribute access during XPath parsing2025-04-29
Debian
CVE-2025-4087: firefox - A vulnerability was identified in Thunderbird where XPath parsing could trigger ...2025
Microsoft
iPXE TLS tls.c tls_new_ciphertext information exposure2022-11-08
Mozilla
Mozilla Foundation Security Advisory 2025-28: CVE-2025-4087
CVE-2025-4087 — Out-of-bounds Read in Mozilla Firefox | cvebase