CVE-2025-4920 - Vulnerability Details - OpenCVE

Duplicate of CVE-2025-4918

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
Debian DSA	DSA-5922-1	firefox-esr security update
EUVD	EUVD-2025-15601	An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4 and Firefox ESR < 128.10.1.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

No reference.

History

Sun, 18 May 2025 20:45:00 +0000

Type	Values Removed	Values Added
References	https://bugzilla.mozilla.org/show_bug.cgi?id=1966612 https://www.mozilla.org/security/advisories/mfsa2025-36/ https://www.mozilla.org/security/advisories/mfsa2025-37/

Sun, 18 May 2025 19:30:00 +0000

Type	Values Removed	Values Added
Description	An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4 and Firefox ESR < 128.10.1.	Duplicate of CVE-2025-4918

Sat, 17 May 2025 21:30:00 +0000

Type	Values Removed	Values Added
Description		An attacker was able to perform an out-of-bounds read or write on a JavaScript `Promise` object. This vulnerability affects Firefox < 138.0.4 and Firefox ESR < 128.10.1.
References		https://bugzilla.mozilla.org/show_bug.cgi?id=1966612 https://www.mozilla.org/security/advisories/mfsa2025-36/ https://www.mozilla.org/security/advisories/mfsa2025-37/

MITRE

Status: REJECTED

Assigner: mozilla

Published: 2025-05-17T21:07:23.879Z

Updated: 2025-05-18T19:21:27.592Z

Reserved: 2025-05-17T21:07:23.170Z

Link: CVE-2025-4920

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2025-05-17T22:15:19.753

Modified: 2025-05-18T20:15:19.190

Link: CVE-2025-4920

Redhat

No data.

OpenCVE Enrichment

No data.