Description
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes.
Report
Red Hat Product Security rates the severity of this flaw as Important due to the requirement of user interaction.
Mitigation
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | rhel10/firefox-flatpak | Affected | ||
Red Hat Enterprise Linux 10 | rhel10/thunderbird-flatpak | Affected | ||
Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
Red Hat Enterprise Linux 7 | thunderbird | Out of support scope | ||
Red Hat Enterprise Linux 10 | firefox | Fixed | RHSA-2025:8125 | 26.05.2025 |
Red Hat Enterprise Linux 10 | thunderbird | Fixed | RHSA-2025:8608 | 05.06.2025 |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | firefox | Fixed | RHSA-2025:8465 | 03.06.2025 |
Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2025:8060 | 21.05.2025 |
Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2025:8756 | 10.06.2025 |
Additional information
Status:
8.8 High
CVSS3
Related vulnerabilities
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1, Thunderbird < 128.10.2, and Thunderbird < 138.0.2.
An attacker was able to perform an out-of-bounds read or write on a Ja ...
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes. This vulnerability affects Firefox ESR < 115.23.1.
Vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird mail client, related to an out-of-bounds write in a memory buffer, allowing an attacker to execute arbitrary code
8.8 High
CVSS3