FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mozilla -- XPath parsing undefined behavior

Affected packages
firefox < 138.0,2
firefox-esr < 128.10,1
thunderbird < 138

Details

VuXML ID a2d5bd7b-2e85-11f0-a989-b42e991fc52e
Discovery 2025-04-29
Entry 2025-05-11

security@mozilla.org reports:

A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and, potentially, memory corruption.

References

CVE Name CVE-2025-4087
URL https://nvd.nist.gov/vuln/detail/CVE-2025-4087