CVE-2025-4082

Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. This bug only affects Thunderbird for macOS. Other versions of Thunderbird are unaffected. This vulnerability affects Firefox < 138, Firefox ESR < 128.10, Firefox ESR < 115.23, Thunderbird < 138, and Thunderbird < 128.10.

Published: Apr 29, 2025
Updated: May 2, 2025
CVE: CVE-2025-4082
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	138.0
mozilla / firefox	-	115.23
mozilla / firefox	128.0	128.10
mozilla / thunderbird	-	138.0
mozilla / thunderbird	-	128.10.0

https://bugzilla.mozilla.org/show_bug.cgi?id=1937097
https://www.mozilla.org/security/advisories/mfsa2025-28/
https://www.mozilla.org/security/advisories/mfsa2025-29/
https://www.mozilla.org/security/advisories/mfsa2025-30/
https://www.mozilla.org/security/advisories/mfsa2025-31/
https://www.mozilla.org/security/advisories/mfsa2025-32/

Vulnerability Database

289,697

CVE-2025-4082