cvelistv5 - cve-2025-4082

cve-2025-4082

Vulnerability from cvelistv5

Published

2025-04-29 13:13

Modified

2025-04-29 13:13

Severity ?

Summary

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10.

References

▼	URL	Tags
	security@mozilla.org	https://bugzilla.mozilla.org/show_bug.cgi?id=1937097
	security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-28/
	security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-29/
	security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-30/
	security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-31/
	security@mozilla.org	https://www.mozilla.org/security/advisories/mfsa2025-32/

Impacted products

▼	Vendor	Product
	Mozilla	Firefox
	Mozilla	Firefox ESR
	Mozilla	Firefox ESR
	Mozilla	Thunderbird
	Mozilla	Thunderbird ESR

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "Firefox",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "138",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Firefox ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "115.23",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "138",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Thunderbird ESR",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "128.10",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "un3xploitable \u0026 GF"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.\u003cbr\u003e*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 138, Firefox ESR \u003c 128.10, Firefox ESR \u003c 115.23, Thunderbird \u003c 138, and Thunderbird ESR \u003c 128.10."
            }
          ],
          "value": "Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.\n*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 138, Firefox ESR \u003c 128.10, Firefox ESR \u003c 115.23, Thunderbird \u003c 138, and Thunderbird ESR \u003c 128.10."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "WebGL shader attribute memory corruption in Firefox for macOS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-29T13:13:35.242Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1937097"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-28/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-29/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-30/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-31/"
        },
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2025-32/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2025-4082",
    "datePublished": "2025-04-29T13:13:35.242Z",
    "dateReserved": "2025-04-29T13:13:34.532Z",
    "dateUpdated": "2025-04-29T13:13:35.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-4082\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2025-04-29T14:15:34.913\",\"lastModified\":\"2025-04-29T14:15:34.913\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.\\n*This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox \u003c 138, Firefox ESR \u003c 128.10, Firefox ESR \u003c 115.23, Thunderbird \u003c 138, and Thunderbird ESR \u003c 128.10.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1937097\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-28/\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-29/\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-30/\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-31/\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2025-32/\",\"source\":\"security@mozilla.org\"}]}}"
  }
}

ghsa-xhhw-j3h4-3x9r

Vulnerability from github

Published

2025-04-29 15:31

Modified

2025-04-29 15:31

Details

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. This bug only affects Firefox for macOS. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10.

Show details on source website