CVE-2025-4082 Information

Description

Modification of specific WebGL shader attributes could trigger an out-of-bounds read which when chained with other vulnerabilities could be used to escalate privileges. This bug only affects Firefox for macOS. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 138 Firefox ESR < 128.10 Firefox ESR < 115.23 Thunderbird < 138 and Thunderbird ESR < 128.10.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1937097 https://www.mozilla.org/security/advisories/mfsa2025-28/ https://www.mozilla.org/security/advisories/mfsa2025-29/ https://www.mozilla.org/security/advisories/mfsa2025-30/ https://www.mozilla.org/security/advisories/mfsa2025-31/ https://www.mozilla.org/security/advisories/mfsa2025-32/