Description
Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges.
*This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.
Published: 2025-04-29
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation via out-of-bounds read
Action: Patch
AI Analysis

Impact

An out-of-bounds read occurs when a malicious user modifies specific WebGL shader attributes. The read can expose sensitive data and, when combined with other bugs, can be used to raise the privileges of the process. The weakness falls under CWE-125, which describes buffer read errors.

Affected Systems

Only Thunderbird for macOS is affected. The bug was fixed in Thunderbird 138 and 128.10, meaning any earlier installation on macOS may have the vulnerability. The issue does not exist in other Thunderbird releases or in Firefox across platforms.

Risk and Exploitability

The CVSS score of 5.9 indicates a moderate severity. The EPSS score of less than 1% shows the exploit likelihood is very low, and the vulnerability is not listed in CISA’s KEV catalog. The attack is likely local or remotely triggered via a malicious email containing crafted WebGL content; however, this is inferred from the description, as the vector is not explicitly stated.

Generated by OpenCVE AI on April 20, 2026 at 18:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Thunderbird 138 or later on macOS to include the memory‑corruption fix.
  • As a temporary defense, disable WebGL by setting layers.accelerate.disabled to true in Thunderbird’s about:config file.
  • Keep macOS and all related software up to date, and watch for further advisories that might impact Thunderbird’s WebGL handling.

Generated by OpenCVE AI on April 20, 2026 at 18:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4167-1 thunderbird security update
EUVD EUVD EUVD-2025-12688 Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.
History

Mon, 13 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10. Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.*. This vulnerability was fixed in Firefox 138, Firefox ESR 128.10, Firefox ESR 115.23, Thunderbird 138, and Thunderbird 128.10.
Title firefox: thunderbird: WebGL shader attribute memory corruption in Firefox for macOS WebGL shader attribute memory corruption in Thunderbird for macOS

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Fri, 09 May 2025 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Mozilla
Mozilla firefox
Mozilla thunderbird
CPEs cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:-:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:esr:*:*:*
Vendors & Products Mozilla
Mozilla firefox
Mozilla thunderbird

Fri, 02 May 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 02 May 2025 16:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'}

 cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Thu, 01 May 2025 14:30:00 +0000

Type Values Removed Values Added
Description Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10. Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.

Thu, 01 May 2025 02:45:00 +0000

Type Values Removed Values Added
Title firefox: thunderbird: WebGL shader attribute memory corruption in Firefox for macOS
Weaknesses CWE-125
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H'}

threat_severity

Important

Tue, 29 Apr 2025 13:30:00 +0000

Type Values Removed Values Added
Description Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird ESR < 128.10.
References

Subscriptions

Mozilla Firefox Thunderbird
cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published:

Updated: 2026-04-13T14:27:15.646Z

Reserved: 2025-04-29T13:13:34.532Z

Link: CVE-2025-4082

cve-icon Vulnrichment

Updated: 2025-11-03T19:58:47.529Z

cve-icon NVD

Status : Modified

Published: 2025-04-29T14:15:34.913

Modified: 2026-04-13T15:16:59.277

Link: CVE-2025-4082

cve-icon Redhat

Severity : Important

Publid Date: 2025-04-29T13:13:35Z

Links: CVE-2025-4082 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T18:15:13Z

Weaknesses