CVE-2025-4918
Out-of-bounds read or write vulnerability in JavaScript Promise object in Firefox.
Overview
CVE-2025-4918 is a vulnerability affecting Firefox versions under 138.0.4, Firefox ESR under 128.10.1, and Firefox ESR under 115.23.1. It allows an attacker to perform an out-of-bounds read or write on a JavaScript Promise object.
Technical Details
An attacker is able to manipulate JavaScript promises, enabling an out-of-bounds read or write operation. The affected objects are part of JavaScript execution and this flaw exposes data that could potentially be exploited to execute malicious code or cause system instability.
CVSS Metrics
Unavailable
Impact
An exploit of this vulnerability could lead to unauthorized information disclosure, integrity violation, and potential service disruption.
Recommendations
Update to the latest Firefox versions. Firefox 138.0.4, Firefox ESR 128.10.1, and Firefox ESR 115.23.1 have eliminated this vulnerability.
Threat Metrics
Unavailable
Related CWEs
No related CWEs found.