CVE-2025-4087 Information

Description

A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access and potentially memory corruption. This vulnerability affects Firefox < 138 Firefox ESR < 128.10 Thunderbird < 138 and Thunderbird ESR < 128.10.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1952465 https://www.mozilla.org/security/advisories/mfsa2025-28/ https://www.mozilla.org/security/advisories/mfsa2025-29/ https://www.mozilla.org/security/advisories/mfsa2025-31/ https://www.mozilla.org/security/advisories/mfsa2025-32/