CVE-2025-4093: Buffer Overflow
First published: Tue Apr 29 2025(Updated: )
Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 128.10 and Thunderbird ESR < 128.10.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox ESR | <128.10 | |
| Thunderbird | <128.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-4093?
CVE-2025-4093 has the potential for high severity due to the presence of memory corruption that could allow for arbitrary code execution.
How do I fix CVE-2025-4093?
To fix CVE-2025-4093, update Firefox ESR or Thunderbird ESR to version 128.10 or later.
Which versions are affected by CVE-2025-4093?
CVE-2025-4093 affects Firefox ESR versions below 128.10 and Thunderbird ESR versions below 128.10.
What are the consequences of CVE-2025-4093 if left unpatched?
If CVE-2025-4093 is left unpatched, it could potentially be exploited to execute arbitrary code on affected systems.
Is CVE-2025-4093 relevant to all users of Firefox and Thunderbird?
CVE-2025-4093 specifically affects users of Firefox ESR and Thunderbird ESR versions prior to 128.10.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/author
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/event
- vendor/mozilla
- canonical/firefox esr
- canonical/thunderbird