CVE-2025-4087

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-4087

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-4087.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-4087

Downstream

DEBIAN-CVE-2025-4087

DLA-4167-1

DLA-4172-1

DSA-5910-1

DSA-5912-1

OESA-2025-1486

OESA-2025-1487

OESA-2025-1488

OESA-2025-1489

OESA-2025-1835

RHSA-2025:4443

RHSA-2025:4458

RHSA-2025:4460

RHSA-2025:4751

RHSA-2025:4752

RHSA-2025:4753

RHSA-2025:4756

RHSA-2025:4797

RHSA-2025:7428

RHSA-2025:7506

RHSA-2025:7507

RHSA-2025:7543

RHSA-2025:7544

RHSA-2025:7545

RHSA-2025:7547

RHSA-2025:7689

RHSA-2025:7690

RHSA-2025:7691

RHSA-2025:7692

RHSA-2025:7693

RHSA-2025:7694

RHSA-2025:7695

RLSA-2025:4443

RLSA-2025:4458

RLSA-2025:4460

RLSA-2025:4797

RLSA-2025:7428

SUSE-SU-2025:1436-1

SUSE-SU-2025:1506-1

UBUNTU-CVE-2025-4087

USN-7663-1

openSUSE-SU-2025:15042-1

openSUSE-SU-2025:15045-1

Related

Published

2025-04-29T14:15:35Z

Modified

2025-09-23T15:15:30Z

Summary

[none]

Details

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially, memory corruption. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.

References

Affected packages