CVE-2025-4092: Buffer Overflow
First published: Tue Apr 29 2025(Updated: )
Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 138 and Thunderbird < 138.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <138 | |
| Thunderbird | <138 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4092?
CVE-2025-4092 has a high severity due to potential memory corruption leading to arbitrary code execution.
How do I fix CVE-2025-4092?
To fix CVE-2025-4092, update Firefox and Thunderbird to version 138 or later.
Which versions are affected by CVE-2025-4092?
CVE-2025-4092 affects Firefox versions earlier than 138 and Thunderbird versions earlier than 138.
Can CVE-2025-4092 be exploited remotely?
Yes, if successfully exploited, CVE-2025-4092 could allow remote attackers to execute arbitrary code.
What are the products affected by CVE-2025-4092?
CVE-2025-4092 affects Mozilla Firefox and Mozilla Thunderbird versions below 138.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/author
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/event
- vendor/mozilla
- canonical/firefox
- canonical/thunderbird