VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-fdr6-qypx-1uhr

Essentials
Severities (37)
References (43)
Severity details (19)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-fdr6-qypx-1uhr
Aliases	CVE-2025-4919
Summary	An attacker was able to perform an out-of-bounds read or write on a JavaScript object by confusing array index sizes.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-787

Out-of-bounds Write

System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4919.json
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
epss	0.00042	https://api.first.org/data/v1/epss?cve=CVE-2025-4919
cvssv3.1	8.8	https://bugzilla.mozilla.org/show_bug.cgi?id=1966614
ssvc	Track	https://bugzilla.mozilla.org/show_bug.cgi?id=1966614
cvssv3.1	8.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2025-36
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2025-37
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2025-38
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2025-40
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2025-41
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2025-36/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-36/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2025-37/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-37/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2025-38/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-38/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2025-40/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-40/
cvssv3.1	8.8	https://www.mozilla.org/security/advisories/mfsa2025-41/
ssvc	Track	https://www.mozilla.org/security/advisories/mfsa2025-41/

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4919.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-4919
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4919
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2367018		https://bugzilla.redhat.com/show_bug.cgi?id=2367018
cpe:2.3:a:mozilla:firefox:::::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::-:::*
cpe:2.3:a:mozilla:firefox:::::esr:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:::::esr:::*
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
cpe:2.3:a:mozilla:thunderbird:::::-:::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:::::-:::*
CVE-2025-4919		https://nvd.nist.gov/vuln/detail/CVE-2025-4919
mfsa2025-36		https://www.mozilla.org/en-US/security/advisories/mfsa2025-36
mfsa2025-36		https://www.mozilla.org/security/advisories/mfsa2025-36/
mfsa2025-37		https://www.mozilla.org/en-US/security/advisories/mfsa2025-37
mfsa2025-37		https://www.mozilla.org/security/advisories/mfsa2025-37/
mfsa2025-38		https://www.mozilla.org/en-US/security/advisories/mfsa2025-38
mfsa2025-38		https://www.mozilla.org/security/advisories/mfsa2025-38/
mfsa2025-40		https://www.mozilla.org/en-US/security/advisories/mfsa2025-40
mfsa2025-40		https://www.mozilla.org/security/advisories/mfsa2025-40/
mfsa2025-41		https://www.mozilla.org/en-US/security/advisories/mfsa2025-41
mfsa2025-41		https://www.mozilla.org/security/advisories/mfsa2025-41/
RHSA-2025:8049		https://access.redhat.com/errata/RHSA-2025:8049
RHSA-2025:8060		https://access.redhat.com/errata/RHSA-2025:8060
RHSA-2025:8125		https://access.redhat.com/errata/RHSA-2025:8125
RHSA-2025:8369		https://access.redhat.com/errata/RHSA-2025:8369
RHSA-2025:8370		https://access.redhat.com/errata/RHSA-2025:8370
RHSA-2025:8371		https://access.redhat.com/errata/RHSA-2025:8371
RHSA-2025:8465		https://access.redhat.com/errata/RHSA-2025:8465
RHSA-2025:8598		https://access.redhat.com/errata/RHSA-2025:8598
RHSA-2025:8599		https://access.redhat.com/errata/RHSA-2025:8599
RHSA-2025:8607		https://access.redhat.com/errata/RHSA-2025:8607
RHSA-2025:8608		https://access.redhat.com/errata/RHSA-2025:8608
RHSA-2025:8628		https://access.redhat.com/errata/RHSA-2025:8628
RHSA-2025:8629		https://access.redhat.com/errata/RHSA-2025:8629
RHSA-2025:8630		https://access.redhat.com/errata/RHSA-2025:8630
RHSA-2025:8631		https://access.redhat.com/errata/RHSA-2025:8631
RHSA-2025:8639		https://access.redhat.com/errata/RHSA-2025:8639
RHSA-2025:8640		https://access.redhat.com/errata/RHSA-2025:8640
RHSA-2025:8642		https://access.redhat.com/errata/RHSA-2025:8642
RHSA-2025:8645		https://access.redhat.com/errata/RHSA-2025:8645
RHSA-2025:8756		https://access.redhat.com/errata/RHSA-2025:8756
RHSA-2025:8807		https://access.redhat.com/errata/RHSA-2025:8807
show_bug.cgi?id=1966614		https://bugzilla.mozilla.org/show_bug.cgi?id=1966614
USN-7663-1		https://usn.ubuntu.com/7663-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4919.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1966614

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-19T15:21:34Z/ Found at https://bugzilla.mozilla.org/show_bug.cgi?id=1966614

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-36/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-19T15:21:34Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-36/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-37/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-19T15:21:34Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-37/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-38/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-19T15:21:34Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-38/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-40/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-19T15:21:34Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-40/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.mozilla.org/security/advisories/mfsa2025-41/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-19T15:21:34Z/ Found at https://www.mozilla.org/security/advisories/mfsa2025-41/

Exploit Prediction Scoring System (EPSS)

Percentile	0.11956
EPSS Score	0.00042
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:23.339344+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2025/mfsa2025-40.yml	37.0.0