CVE-2025-4082
- Source
- https://cve.org/CVERecord?id=CVE-2025-4082
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4082.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-4082
- Downstream
- Related
- Published
- 2025-04-29T14:15:34.913Z
- Modified
- 2026-03-15T22:52:12.193923Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
- References
-
- https://lists.debian.org/debian-lts-announce/2025/05/msg00022.html
- https://www.mozilla.org/security/advisories/mfsa2025-29/
- https://www.mozilla.org/security/advisories/mfsa2025-30/
- https://www.mozilla.org/security/advisories/mfsa2025-31/
- https://www.mozilla.org/security/advisories/mfsa2025-32/
- https://www.mozilla.org/security/advisories/mfsa2025-28/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1937097
Affected packages
Git /
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4082.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "115.23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "138.0"
}
]
},
{
"events": [
{
"introduced": "128.0"
},
{
"fixed": "128.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "128.10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "138.0"
}
]
}
]