CVE-2025-4091

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-4091

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-4091.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-4091

Downstream

DEBIAN-CVE-2025-4091

DLA-4167-1

DLA-4172-1

DSA-5910-1

DSA-5912-1

OESA-2025-1486

OESA-2025-1487

OESA-2025-1488

OESA-2025-1489

OESA-2025-1835

RHSA-2025:4443

RHSA-2025:4458

RHSA-2025:4460

RHSA-2025:4751

RHSA-2025:4752

RHSA-2025:4753

RHSA-2025:4756

RHSA-2025:4797

RHSA-2025:7428

RHSA-2025:7506

RHSA-2025:7507

RHSA-2025:7543

RHSA-2025:7544

RHSA-2025:7545

RHSA-2025:7547

RHSA-2025:7689

RHSA-2025:7690

RHSA-2025:7691

RHSA-2025:7692

RHSA-2025:7693

RHSA-2025:7694

RHSA-2025:7695

RLSA-2025:4443

RLSA-2025:4458

RLSA-2025:4460

RLSA-2025:4797

RLSA-2025:7428

SUSE-SU-2025:1436-1

SUSE-SU-2025:1506-1

UBUNTU-CVE-2025-4091

USN-7663-1

openSUSE-SU-2025:15042-1

openSUSE-SU-2025:15045-1

Related

Published

2025-04-29T14:15:35Z

Modified

2025-09-22T18:15:42Z

Summary

[none]

Details

Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Thunderbird < 138, and Thunderbird < 128.10.

References

Affected packages